-
Status: Completed.
-
Description: In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.
-
Type: ID
-
Severity: High
-
Links:
-
Exploit: Modify the alias for every connected device to the victims phone to a misleading text.
-
Patch: Like Google source but also hooked the setAlias method to avoid allowing the usage of these characters also here.