Lucene search

GoogleOSV:ASB-A-326485767

HistoryJun 01, 2024 - 12:00 a.m.

Silently retain Accessibility Service after package update

2024-06-0100:00:00

Google

osv.dev

accessibility service

input validation

local privilege escalation

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.2%

JSON

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

android.googlesource.com/platform/frameworks/base/+/c1bc907a649addd5b97d489fd39afb956164a46c

source.android.com/security/bulletin/2024-06-01

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.2%

JSON

Related for OSV:ASB-A-326485767