In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2020-06-01 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: google_android
Published: 2020-06-10T17:11:32
Updated: 2020-06-10T17:11:32
Reserved: 2019-10-17T00:00:00
Link: CVE-2020-0115
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-10T18:15:10.203
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-0115
JSON object: View
Redhat Information
No data.
CWE