Unpatched Deserialization Vulnerability in ZygoteProcess.java Could Lead to Local Escalation of Privilege
CVE-2024-31317

7.8 HIGH

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 9 July 2024

Badges

📈 Score: 548 | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2024-31317?

CVE-2024-31317 is a vulnerability found in the ZygoteProcess.java component of Google's Android operating system. This vulnerability arises from unsafe deserialization methods that can allow an attacker to execute code with elevated privileges. If exploited, this could severely compromise device security, enabling unauthorized modifications to system settings or the execution of malicious applications without needing user interaction. The implications of this vulnerability are particularly concerning given the widespread use of Android devices in both personal and business environments.

Technical Details

The vulnerability is located within multiple functions of ZygoteProcess.java, which fail to handle object deserialization safely. This flaw allows an attacker to manipulate serialized data in a way that grants code execution as any application on the system, specifically with WRITE_SECURE_SETTINGS permissions. A malicious actor could therefore alter critical system settings, impacting the overall integrity and security of the device. Exploitation requires user execution privileges, so malicious code can run in the context of existing user applications, but no user interaction is necessary.

Potential Impact of CVE-2024-31317

  1. Local Escalation of Privilege: The primary risk is the potential for local privilege escalation, allowing attackers to execute code with higher permissions than intended. This capability can lead to unauthorized control over application functionalities and settings.

  2. System Compromise: Exploitation of this vulnerability could compromise the integrity of the Android operating system, allowing an attacker to install malicious software, access sensitive data, or manipulate system settings without user consent.

  3. Increased Malware Risk: The ability to execute code without user interaction creates a pathway for malware deployment, increasing the risk of widespread infections and potentially leading to data breaches or further exploitation by adversaries.

Affected Version(s)

Android 14

Android 13

Android 12L

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Android Zygote Injection Flaw Lets Attackers Execute Code & Gain Elevated Privileges

A significant vulnerability in the Android operating system, identified as CVE-2024-31317, has been discovered, allowing attackers.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by GBHackers News

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published