CVE-2024-43093-43047
Path Normalization Bypass in Android Enables Local Privilege Escalation
In the shouldHideDocument section of ExternalStorageProvider.java, there is a way to bypass the filter that stops access to important file paths. This happens because of a mistake with unicode normalization. It might let someone gain higher access locally without needing extra execution rights. However, a user needs to interact for this exploit to work.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 12.0 |
||
google android 13.0 |
||
google android 14.0 |
||
google android 15.0 |
We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipate emerging trends and build a clearer picture of what the APT landscape may look like in the year ahead. In this article in the KSB series, we review the trends of the past year, reflect on the predi...
Google fixes two Android zero-days used in targeted attacks By Bill Toulas November 5, 2024 09:30 AM 0 Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks. "There are indications that the following may be under limited, targeted exploitation," says Google's advisory. The CVE-2024-43047 flaw is ...