Local Privilege Escalation in Android User Dictionary by Google

CVE-2018-9375

Summary

A vulnerability exists in the UserDictionaryProvider.java where multiple functions may allow a malicious application to manipulate the user dictionary. This flaw enables the addition and deletion of words without the necessary execution privileges, which can lead to unauthorized escalation of privileges. Notably, user interaction is not required for successful exploitation, increasing the risk of attack on affected devices.

References