Possible Bypass of File Path Filter Leads to Local Escalation of Privilege
CVE-2024-43093
Key Information:
- Vendor
- External Storage Provider
- Status
- Android
- Vendor
- CVE Published:
- 13 November 2024
Badges
Summary
A vulnerability in ExternalStorageProvider.java related to the shouldHideDocument function allows for a potential bypass of a file path filter. This flaw stems from incorrect normalization of Unicode characters, which can grant unauthorized access to sensitive directories. Although user interaction is necessary for exploitation, this vulnerability poses a significant risk as it permits local escalation of privileges without the need for additional execution rights.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Get notified when SecurityVulnerability.io launches alerting đź””
Well keep you posted 📧
News Articles
ForbesCVE-2024-43093Google Android Deadline—You Have 21 Days To Update Your Phone
Government warns all users to act now as attacks are confirmed to be underway.
3 months ago
Help Net SecurityWeek in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to
3 months ago
References
CVSS V3.1
Timeline
Vulnerability published
- 🦅
CISA Reported
- 🟡
Public PoC available
- đź‘ľ
Exploit known to exist
- đź“°
First article discovered by SecurityWeek