PT-2024-10652 · Google · Android

Published 2024-11-28 · Updated 2025-01-17 · CVE-2018-9377

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions prior to the fixed version

Description

The issue allows for local escalation of privilege or information disclosure due to uninitialized data or a pending intent. This could lead to accessing user metadata or local information disclosure with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations

For Android versions prior to the fixed version, consider restricting access to sensitive data and metadata to minimize the risk of exploitation. As a temporary workaround, consider disabling the getIntentForIntentSender function in ActivityManagerService.java until a patch is available. Avoid using uninitialized data in BnAudioPolicyService::onTransact of IAudioPolicyService.cpp to prevent information disclosure.

Fix

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

CVE-2018-9377

Affected Products

Android