Possible Read/Write of Arbitrary Files Through Permissions Bypass
CVE-2018-9468
7.1HIGH
What is CVE-2018-9468?
A permissions bypass vulnerability exists in Android's DownloadManager, specifically in the query functionality of DownloadManager.java. This flaw allows unauthorized read and write access to arbitrary files, resulting in local information disclosure and the possibility of file rewriting without requiring additional execution privileges. Exploitation of this vulnerability does not necessitate user interaction, making it a significant concern for device security.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Android 7
Android 8
Android 8.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved