PT-2022-23637 · Google · Android 10+1
Published
2022-08-05
·
Updated
2022-10-27
·
CVE-2022-36833
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Game Optimizing Service versions prior to 3.3.04.0 in Android 10
Game Optimizing Service versions prior to 3.5.04.8 in Android 11 and above
Description
The issue is related to improper privilege management, allowing a local attacker to execute a hidden function intended for developers by changing the package name. This can be exploited by modifying the
package name variable.Recommendations
For Game Optimizing Service versions prior to 3.3.04.0 in Android 10, update to version 3.3.04.0 or later.
For Game Optimizing Service versions prior to 3.5.04.8 in Android 11 and above, update to version 3.5.04.8 or later.
As a temporary workaround, consider restricting access to the package name modification functionality until a patch is available.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android 10
Android 11