Symantec Norton App Lock CVE-2019-18373 Local Security Bypass Vulnerability

Description

Symantec Norton App Lock for Android is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Norton App Lock versions prior to 1.4.0.503 are vulnerable.

Technologies Affected

• Symantec Norton App Lock 1.0.0.99
• Symantec Norton App Lock 1.0.2.167
• Symantec Norton App Lock 1.0.2.179
• Symantec Norton App Lock 1.0.3.186
• Symantec Norton App Lock 1.2.0.252
• Symantec Norton App Lock 1.3.0.13
• Symantec Norton App Lock 1.3.0.329
• Symantec Norton App Lock 1.3.0.332
• Symantec Norton App Lock 1.4.0.445

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.

Do not allow untrusted users physical access to systems.
Users should not allow unknown or untrusted users to access affected devices.

Updates are available. Please see the references or vendor advisory for more information.