PT-2020-11821 · Google · Android
Published: 2020-12-15 · Updated: 2020-12-16 · CVE-2020-0486
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Android version Android-11
Description
The issue is related to a possible permission bypass in the ContactsProvider2.java file, specifically in the openAssetFileListener method, due to an insecure default value. This could lead to local escalation of privilege, allowing an attacker to change contact data without needing additional execution privileges. User interaction is not required for exploitation.
Recommendations
For Android version Android-11, consider restricting access to the ContactsProvider2.java file or the openAssetFileListener method as a temporary workaround until a patch is available. Additionally, review and update the default value settings to ensure secure configuration and prevent potential permission bypass.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Android