Possible Malicious Update to APEX Module Framework Could Lead to Local Escalation of Privilege
CVE-2023-45779
Key Information:
Badges
What is CVE-2023-45779?
A vulnerability exists in Android platform components where improper cryptographic practices may allow for malicious updates. This flaw could potentially enable local escalation of privileges without the need for additional execution permissions or user interaction. The implications of this vulnerability highlight the importance of secure cryptographic implementation to safeguard the integrity of system components.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Android Android SoC
News Articles
Exploit Released For Android Local Elevation Flaw Impacting 7 Oems
A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to...
OP InnovateCVE-2023-45779Public Release of Exploit for Android Privilege Elevation Flaw Affecting Multiple OEMs (CVE-2023-45779) - OP INNOVATE
A PoC exploit for CVE-2023-45779, a local privilege elevation vulnerability affecting Android devices from multiple OEMs, is now public on GitHub. Discovered by Meta's Red Team X, the flaw involves insecurely signed APEX modules using test keys, potentially enabling malicious updates and full device...
TechWar.GRCVE-2023-45779Exploit released for Android local lifting flaw affecting 7 OEMs
A proof-of-concept (PoC) exploit for a local privilege elevation flaw affecting at least seven OEMs
References
CVSS V3.1
Timeline
- 📰
First article discovered by Beeping Computers
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved