Hacker News new | past | comments | ask | show | jobs | submit login
Extract sensitive data from Android 12/13 apps via "run-as" forgery (tinyhack.com)
2 points by skilled 4 months ago | hide | past | favorite | 1 comment



Some context:

CVE-2024-0044 - https://nvd.nist.gov/vuln/detail/CVE-2024-0044

> In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Bypassing the "run-as" debuggability check on Android via newline injection - https://rtx.meta.security/exploitation/2024/03/04/Android-ru...

Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability - https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitiv...




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: