Possible Local Escalation of Privilege Vulnerability in PackageInstallerService
Key Information
- Vendor
- Status
- Android
- Vendor
- CVE Published:
- 11 March 2024
Badges
Summary
The vulnerability CVE-2024-0044 in the PackageInstallerService in Android 12 and 13 could potentially allow for local escalation of privilege without additional execution privileges needed. This vulnerability could be exploited with physical access to the device with enabled ADB debugging, allowing access to internal data of any user-installed app. The sensitive information contained within these apps could be exfiltrated and accessed by unauthorized parties. There is currently no known exploitation of this vulnerability by ransomware groups.
Affected Version(s)
Android = 14
Android = 13
Android = 12L
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
June 2024 Archives
Skip to content I want to make a WhatsApp message backup from a non-rooted Android 12 Phone. A few years ago, I used Whatsapp-Chat-Exporter to convert the backup to HTML, but first, I had to extract the...
5 months ago
www.mobile-hacker.com CVE-2024-0044Android Archives - Mobile Hacker
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability mhJune 17, 2024June 17, 20241 Comment With physical access to Android device with enabled ADB...
5 months ago
www.mobile-hacker.com CVE-2024-0044Vulnerability Archives - Mobile Hacker
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability mhJune 17, 2024June 17, 20241 Comment With physical access to Android device with enabled ADB...
5 months ago