Information Leakage in Kruger&Matz Smartphones Due to App Lock Feature
CVE-2024-13916

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 30 May 2025

Badges

📰 News Worthy

What is CVE-2024-13916?

The application 'com.pri.applock', pre-installed on Kruger&Matz smartphones, is vulnerable because of how it handles user-provided PIN codes. The application lets users encrypt any app with a chosen PIN or biometric data; however, it exposes a public method in its content provider, which malicious applications can exploit. This flaw lets unauthorized apps read the user's encrypted PIN, potentially compromising the security of user data.

Affected Version(s)

com.pri.applock 13

News Articles

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Three Android CVEs expose Ulefone, Krüger&Matz phones to factory resets, PIN leaks, and privilege abuse.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

Credit

Szymon Chadam