> In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0044 - https://nvd.nist.gov/vuln/detail/CVE-2024-0044
> In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Bypassing the "run-as" debuggability check on Android via newline injection - https://rtx.meta.security/exploitation/2024/03/04/Android-ru...
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability - https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitiv...