- Status: Completed.
- Description: In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- Type: ID
- Severity: High
- Links:
- Exploit: Create a vulnerable app whose content provider declares a path prefix and some permission for a "/private" path. Access it from the exploit app, following the instructions provided in the PoC on the Google Source website.
- Patch: Add Uri verification to all the operations exported by the ContentResolver.