File Download Vulnerability in Opera Mini for Android
CVE-2019-18624

9.8CRITICAL

Key Information:

Vendor: Opera
Status: Mini
Vendor: CVE Published:; 29 October 2019

Summary

Opera Mini for Android has a critical vulnerability that allows attackers to bypass protections against the download and installation of malicious .apk files. By exploiting a Right to Left Override (RTLO) attack technique, an attacker can disguise harmful files, misrepresenting them to the user and the system. This misinterpretation can lead to the inadvertent installation of malware, as seen in affected versions including 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. Users need to be aware of such vulnerabilities to protect against unauthorized file installations.

References

https://medium.com/%40YoKoKho/illegal-rendered-at-downloa...

x_refsource_MISC

http://firstsight.me/2019/10/illegal-rendered-at-download...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Oct 29, 2019