- 漏洞信息

100835
Google Android PreferenceActivity Class :android:show_fragment Intent Extra Arbitrary Class Loading Local Privilege Escalation
Local Access Required, Mobile Phone / Hand-held Device Other
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- 漏洞描述

Google Android contains a flaw in the PreferenceActivity class that leads to unauthorized privileges being gained. The issue is due to the :android:show_fragment intent extra allowing for arbitrary classes to be loaded. This may allow a local attacker to use a specially crafted application to load arbitrary classes and gain elevated privileges.

- 时间线

2013-12-10 Unknow
Unknow Unknow

- 解决方案

Google has provided a patch in Android 4.4 KitKat by adding a new protected API, PreferenceActivity.isValidFragment, which is called before the Fragment is dynamically instantiated by PreferenceActivity

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站