PT-2024-40049 · Unknown · Shared Preferences Android

Published: 2024-12-06 · Updated: 2024-12-06

CVSS v3.1: 3.0 (Low)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: shared preferences android, versions prior to 2.3.4

Description: The issue arises from the serialization and deserialization of special string prefixes used to store data types that the available storage options cannot represent natively. Because the deserialization step accepts arbitrary classes, it can lead to arbitrary code execution. An attacker who can overwrite a file containing preferences with a malicious version that includes a deserialization payload has that payload triggered when the data is loaded from disk.

Recommendations: For versions prior to 2.3.4, update to the latest version of shared preferences android, which contains the changes that address this issue. As a temporary workaround, consider restricting access to the deserialization process until a patch is applied.
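The prefix-marked serialization the description refers to, shown as an added defender's example rather than the plugin's own code. It assumes the Android side reads prefixed preference values through a Java `ObjectInputStream`; the marker `LIST_PREFIX`, the methods `decodeUnsafe`, `decodeSafe` and `encode`, and the class `RestrictedObjectInputStream` are hypothetical names chosen for this illustration, not identifiers from the advisory or the project. The unsafe decoder shows the weakness class named on this page (any class named in the stream is loaded); the hardened decoder restricts `resolveClass()` to the one container type a string list needs and validates the element types after reading.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public final class PreferenceListCodec {
    // Hypothetical marker: a stored string beginning with this prefix is
    // treated as a serialized list rather than a plain string. The real
    // plugin's marker and encoding are not stated in the advisory.
    static final String LIST_PREFIX = "EXAMPLE_LIST_PREFIX:";

    // Only the classes a string-list payload legitimately needs.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            ArrayList.class.getName(),
            String.class.getName()));

    // Weak pattern: every class name present in the stream is resolved and
    // instantiated. A preferences file rewritten on disk by another local
    // process is therefore interpreted as code the moment it is loaded.
    static List<String> decodeUnsafe(String stored) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(stored.substring(LIST_PREFIX.length()));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            @SuppressWarnings("unchecked")
            List<String> list = (List<String>) in.readObject();
            return list;
        }
    }

    // Hardened pattern: resolveClass() rejects any class not on the allowlist
    // before an object of that class can be constructed.
    static final class RestrictedObjectInputStream extends ObjectInputStream {
        RestrictedObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException("unauthorized class in preference data", desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static List<String> decodeSafe(String stored) throws IOException, ClassNotFoundException {
        if (!stored.startsWith(LIST_PREFIX)) {
            throw new IllegalArgumentException("value is not a serialized list");
        }
        byte[] raw = Base64.getDecoder().decode(stored.substring(LIST_PREFIX.length()));
        try (ObjectInputStream in = new RestrictedObjectInputStream(new ByteArrayInputStream(raw))) {
            Object obj = in.readObject();
            // Type-check the result and its elements: the allowlist bounds
            // which classes can load, this bounds what the caller receives.
            if (!(obj instanceof ArrayList)) {
                throw new InvalidClassException("expected ArrayList, got " + obj.getClass().getName());
            }
            List<String> out = new ArrayList<>();
            for (Object item : (ArrayList<?>) obj) {
                if (!(item instanceof String)) {
                    throw new InvalidClassException("list element is not a String");
                }
                out.add((String) item);
            }
            return out;
        }
    }

    // Writer side, so the example round-trips on constructed input.
    static String encode(List<String> values) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(new ArrayList<>(values));
        }
        return LIST_PREFIX + Base64.getEncoder().encodeToString(bytes.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        String stored = encode(Arrays.asList("alpha", "beta"));  // constructed sample value
        System.out.println(decodeSafe(stored));
    }
}
```

The allowlist is deliberately tiny: `java.lang.String` is written as a primitive string record rather than through a class descriptor, so in practice only `java.util.ArrayList` ever reaches `resolveClass()`, and anything else in the stream fails before construction. That is the shape of the "restrict the deserialization process" workaround the recommendations describe, and it is independent of which marker prefix the storage layer uses.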

Fix

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: GHSA-3HPF-FF72-J67P

Affected Products: Shared Preferences Android