Local Information Disclosure in Android Pixel Devices

CVE-2018-9379

Summary

This vulnerability arises from a flaw in multiple functions of MiniThumbFile.java within Android Pixel devices, allowing unauthorized access to the thumbnails of deleted photos. This can lead to local information disclosure, as the issue stems from a confused deputy problem, which does not require any additional execution privileges or user interaction for exploitation.

References