Possible Malicious Update to APEX Module Framework Could Lead to Local Escalation of Privilege

Summary

In TBD of TBD, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

News Articles

Pak Media Blog

CVE-2023-45779

Exploit Released For Android Local Elevation Flaw Impacting 7 Oems

A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to...

8 months ago

OP Innovate

CVE-2023-45779

Public Release of Exploit for Android Privilege Elevation Flaw Affecting Multiple OEMs (CVE-2023-45779) - OP INNOVATE

A PoC exploit for CVE-2023-45779, a local privilege elevation vulnerability affecting Android devices from multiple OEMs, is now public on GitHub. Discovered by Meta's Red Team X, the flaw involves insecurely signed APEX modules using test keys, potentially enabling malicious updates and full device...

8 months ago

TechWar.GR

CVE-2023-45779

Exploit released for Android local lifting flaw affecting 7 OEMs

A proof-of-concept (PoC) exploit for a local privilege elevation flaw affecting at least seven OEMs

8 months ago

More News...