OAuth Token Bypass Vulnerability in Google Play Services SDK
CVE-2014-7922

Currently unrated

Key Information:

Vendor: Google

CVE Published: 23 February 2015

What is CVE-2014-7922?

A security flaw in the Google Play Services SDK allows malicious applications to exploit the GoogleAuthUtil.getToken method. By manipulating parameters in OAuth token requests via the Bundle extras, attackers can bypass consent dialogs, granting them unauthorized access to sensitive OAuth scopes, including the SID and LSID scopes. This exploitation could lead to unauthorized access to a user’s Google account and sensitive information.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
