Local Resource Exposure in NlpService Affecting Android Products

CVE-2018-9406

Summary

The NlpService in certain Android versions contains a vulnerability that allows an attacker to exploit a missing permission check, potentially revealing sensitive location information. This could enable local escalation of privileges without requiring additional permissions or user interaction, posing a risk to user privacy and system integrity.

References