PT-2021-13430 · Google · Android

Published

2021-12-15

Updated

2022-07-12

CVE-2021-1025

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description A local information disclosure issue exists due to a missing permission check in the WallpaperManagerService.java. This could allow an attacker to determine whether an app is installed without query permissions. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations For Android versions prior to the fixed version, consider restricting access to the WallpaperManagerService.java until a patch is available. As a temporary workaround, avoid using the hasNamedWallpaper function in WallpaperManagerService.java to minimize the risk of exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2021-1025

Affected Products

Android

PT-2021-13430 · Google · Android

CVE-2021-1025

Weakness Enumeration

Related Identifiers

Affected Products

References · 3