This repo contains the code of the exploits and the security patches we developed for the CVEs used in the paper "VirtualPatch: Fixing Android Security Vulnerabilities through Application-Level Virtualization".

| CVE entry | Original Patch | VirtualPatch Patch | Exploit |
| --- | --- | --- | --- |
| CVE-2019-9376 | [1] | accountpatch | shiva |
| CVE-2021-0313 | [1] | MinikinPatch | nobreak |
| CVE-2021-0604 | [1] | BtMMSPatch | btmms |
| CVE-2021-0444 | [1] | LeakContactPatch | LeakContact |
| CVE-2021-0341 | [1] [2] | okhttppatch | - |
| CVE-2021-0521 | [1] | PackagesPatch | AllApplications |
| CVE-2021-0591 | [1] | BroadcastHijackPatch [2] | BroadcastHijack |
| CVE-2018-9493 | [1] [2] | DownloadManagerSQLiPatch | DownloadManagerSQLi |
| CVE-2018-9452 | [1] [2] | DoSWidthCalculationPatch | DoSWidthCalculation |
| CVE-2018-9525 | [1] | not needed | ChangeDeviceSettings |
| CVE-2018-9548 | [1] | ContentProviderUriValidationPatch | ContentProviderUriValidation |
| CVE-2021-0931 | [1] | BluetoothAliasPatch | BluetoothAlias |
| CVE-2018-9582 | [1] | not needed | PackageInstallerSpoofing |
| CVE-2019-2003 | [1] | LinkPhishingPatch | LinkPhishing |
| CVE-2019-2232 | [1] | TextLineDoSPatch | TextLineDoS |
| CVE-2018-9467 | [1] | HostnameParsingPatch | HostnameParsing |
| CVE-2020-0239 | [1] | DocumentMetadataPatch | DocumentMetadataLeak |
| CVE-2020-0441 | [1] | NotificationDOSPatch | LongNotificationDOS |
| CVE-2020-0459 | [1] [2] [3] [4] [5] | not needed | NetworkInfoLeaker |
| CVE-2020-0391 | [1] | not needed | UnprotectedBroadcastPixel |
| CVE-2021-1929 | - | not needed | QualcomQmmiLeaker |
| CVE-2020-0014 | [1] | ClickableToastPatch | MaliciousToast |
| CVE-2019-2137 | [1] [2] | EndCallPatch | EndCallAttack |
| CVE-2020-0443 | [1] | SettingsProviderPatch | LocaleBootloop |
| CVE-2021-0597 | [1] | not needed | SIPLeaker |

Some CVEs do not require a patch because VirtualApp's implementation of app-level virtualization prevents the exploits by design. For instance, only certain Broadcasts are delivered to or forwarded from apps running inside the virtual environment, so exploits that use other Broadcast messages are blocked by default.