PT-2024-26055 · Google · Android 12+2
Hsia.Angsh
·
Published
2024-09-03
·
Updated
2024-09-05
·
CVE-2024-34637
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Android 12 versions prior to SMR Sep-2024 Release 1
Android 13 versions prior to SMR Jun-2024 Release 1
Android 14 versions prior to SMR Jun-2024 Release 1
Description
The issue is related to improper access control in the WindowManagerService, allowing local attackers to bypass restrictions on starting services from the background. This could potentially lead to unauthorized access and actions on the affected devices.
Recommendations
For Android 12 versions prior to SMR Sep-2024 Release 1, update to SMR Sep-2024 Release 1 or later to resolve the issue.
For Android 13 versions prior to SMR Jun-2024 Release 1, update to SMR Jun-2024 Release 1 or later to resolve the issue.
For Android 14 versions prior to SMR Jun-2024 Release 1, update to SMR Jun-2024 Release 1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the WindowManagerService until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Android 12
Android 13
Android 14