
CVE-2024-43093

CVSSv4: NA | CVSSv3: 7.8 | CVSSv2: NA | VMScore: 880 | EPSS: 0.00246 | KEV: Exploitation Reported
Published: 13/11/2024 | Updated: 14/11/2024

Vulnerability Summary

Path Normalization Bypass in Android Enables Local Privilege Escalation

In the shouldHideDocument method of ExternalStorageProvider.java, the filter that blocks access to sensitive file paths can be bypassed because of incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.


Vulnerable Product

google android 12.0

google android 13.0

google android 14.0

google android 15.0

Github Repositories

CVE-2024-43093


Overview: CVE-2024-43093 and CVE-2024-43047

Details

CVE ID: CVE-2024-43047 | Published: 2024-11-05 | Impact: Confidentiality | Exploit Availability: Not public, only private | CVSS: 78

CVE ID: CVE-2024-43093 | Published: 2024-11-05 | Impact: Confidentiality | Exploit Availability: Not public, only private | CVSS: VERY HIGH

Vulnerability Description: CVE-2024-43093-critical vulnerabil

Recent Articles

Advanced threat predictions for 2025
Securelist • Igor Kuznetsov • 25 Nov 2024

We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipate emerging trends and build a clearer picture of what the APT landscape may look like in the year ahead. In this article in the KSB series, we review the trends of the past year, reflect on the predi...

Google fixes two Android zero-days used in targeted attacks
BleepingComputer • Bill Toulas • 05 Nov 2024

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks. "There are indications that the following may be under limited, targeted exploitation," says Google's advisory. The CVE-2024-43047 flaw is ...