Possible Local Escalation of Privilege Vulnerability in PackageInstallerService
CVE-2024-0044

6.7MEDIUM

Key Information:

Vendor
Google
Status
Android
Vendor
CVE Published:
11 March 2024

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 14,800πŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

What is CVE-2024-0044?

CVE-2024-0044 is a vulnerability found in the PackageInstallerService component of Android, developed by Google. This weakness allows for local privilege escalation, enabling attackers to run any app without needing additional execution privileges or user interaction. Organizations utilizing Android devices that rely on this service could face significant risks, including unauthorized access to sensitive data and potential disruption of operating system functionalities.

Technical Details

The vulnerability arises from improper input validation in the createSessionInternal method within the PackageInstallerService.java file. This issue could enable attackers to exploit the vulnerability by gaining escalated privileges, effectively allowing them to execute actions with higher authority than what their original permissions would allow. The flaw could be leveraged without the need for additional execution privileges or any sort of user interaction, simplifying the attack process.

Impact of the Vulnerability

  1. Unauthorized Access: Exploiting this vulnerability could grant attackers the ability to access sensitive files and settings on affected Android devices, leading to data exposure and potential misuse of information.

  2. System Compromise: Attackers could execute privileged operations under the context of other applications, potentially allowing the installation of malicious software or making unauthorized changes to system configurations.

  3. Operational Disruption: With the ability to run apps with elevated privileges, an attacker could disrupt normal operations, affecting the stability and reliability of critical services and workflows within an organization.

Affected Version(s)

Android 14

Android 13

Android 12L

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve_2024_0044
Created by pl4int3xt

android_autorooter
Created by scs-labrat

c-CVE-2024-0044
Created by 007CRIPTOGRAFIA

News Articles

favicon imagetinyhack.com

June 2024 Archives

Skip to content I want to make a WhatsApp message backup from a non-rooted Android 12 Phone. A few years ago, I used Whatsapp-Chat-Exporter to convert the backup to HTML, but first, I had to extract the...

6 months ago

favicon imagewww.mobile-hacker.com

Android Archives - Mobile Hacker

Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability mhJune 17, 2024June 17, 20241 Comment With physical access to Android device with enabled ADB...

7 months ago

favicon imagewww.mobile-hacker.com

Vulnerability Archives - Mobile Hacker

Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability mhJune 17, 2024June 17, 20241 Comment With physical access to Android device with enabled ADB...

7 months ago

References

https://android.googlesource.com/platform/frameworks/base...
https://source.android.com/security/bulletin/2024-03-01
https://rtx.meta.security/exploitation/2024/03/04/Android...

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by www.mobile-hacker.com

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database7 Proof of Concept(s)5 News Article(s)
.