The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 up to and including 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted malicious users to access application data by creating a package that specifies a shared user ID with an arbitrary application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 1.5 |