Published: 11/08/2020 Updated: 12/08/2020

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 8.0
google android 8.1
google android 9.0
google android 10.0

As the world descends into madness, it's good to see some things never change: Monthly Android patches

The Register • Shaun Nichols in San Francisco • 04 Aug 2020

Qualcomm bugs among the worst – including a critical hole in wireless networking Is it Patch Blues-day for Outlook? Microsoft's email client breaks worldwide, leaves everyone stumped

Google has emitted the August edition of its Android software security updates. This month's fixes include one remote-code-execution bug (CVE-2020-0240), present in the Android Framework. Google warns that the bug "could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," though isn't being exploited... yet. That flaw was the only remote-code-execution bug present in the 01 level of the security patch bundle. This is t...

CVE-2020-0238

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect