PT-2024-7664 · Google · Android

Published 2024-11-01 · Updated 2026-01-11

CVE-2024-43093

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Android (affected versions not specified)

Description

A privilege escalation vulnerability exists in the Android Framework component, specifically in the ExternalStorageProvider.java file. The flaw is caused by incorrect Unicode normalization when handling file paths, which can bypass the file path filters designed to restrict access to sensitive directories. Successful exploitation could allow an attacker to gain elevated privileges with no additional execution privileges needed, potentially granting unauthorized access to directories such as Android/data, Android/obb, and Android/sandbox. User interaction is required for exploitation. Reports indicate that this vulnerability, tracked as CVE-2024-43093, is being actively exploited in the wild, with limited, targeted attacks observed.

Recommendations

Update your Android device to the latest available version to address this vulnerability.
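The bug class named in the description, a path filter applied to a string that has not been brought to one canonical Unicode form, can be shown with a filter checked before and after normalization. This is an added illustration, not code from Android or from ExternalStorageProvider.java; the class and method names are hypothetical, and it assumes a later layer treats compatibility-equivalent spellings as the same directory name.

```java
import java.text.Normalizer;
import java.util.List;
import java.util.Locale;

public class PathFilterDemo {
    // Directories the description names as protected (relative to the volume root).
    static final List<String> BLOCKED =
            List.of("android/data", "android/obb", "android/sandbox");

    static boolean matchesBlocked(String p) {
        return BLOCKED.stream().anyMatch(b -> p.equals(b) || p.startsWith(b + "/"));
    }

    // Weak: filters the raw string. Assumption: a later layer treats
    // compatibility-equivalent spellings as the same name.
    static boolean weakIsBlocked(String path) {
        return matchesBlocked(path.toLowerCase(Locale.ROOT));
    }

    // Hardened: bring the path to one canonical form (NFKC), then filter it.
    static boolean hardenedIsBlocked(String path) {
        String canonical = Normalizer.normalize(path, Normalizer.Form.NFKC);
        return matchesBlocked(canonical.toLowerCase(Locale.ROOT));
    }

    // Stricter option: refuse any path that is not already in canonical form.
    static boolean isCanonical(String path) {
        return Normalizer.isNormalized(path, Normalizer.Form.NFKC);
    }

    public static void main(String[] args) {
        // Constructed regression inputs, not taken from any real exploit.
        String[] samples = {
            "Download/report.pdf",
            "Android/data/com.example.app",
            "\uFF21ndroid/data/com.example.app", // fullwidth 'A' (U+FF21)
            "Android/\uFF4Fbb/com.example.app",  // fullwidth 'o' (U+FF4F)
        };
        for (String s : samples) {
            System.out.printf("%-40s weak=%-5b hardened=%-5b canonical=%b%n",
                    s, weakIsBlocked(s), hardenedIsBlocked(s), isCanonical(s));
        }
    }
}
```

The filter decision and the eventual file access must operate on the same canonical string; rejecting non-canonical input outright, as `isCanonical` allows, avoids relying on both layers normalizing identically.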

Exploit

Fix

LPE

RCE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ASB-A-341680936
BDU:2024-09108
CVE-2024-43093

Affected Products

Android