Security News > 2024 > January > Exploit released for Android local elevation flaw impacting 7 OEMs

Exploit released for Android local elevation flaw impacting 7 OEMs
2024-01-31 19:15

A proof-of-concept exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers is now publicly available on GitHub.

Tracked as CVE-2023-45779, the flaw was discovered by Meta's Red Team X in early September 2023 and was addressed in Android's December 2023 security update without disclosing details an attacker could use to discern and exploit it.

The researchers released an exploit for CVE-2023-45779 on GitHub, making it widely available, but that doesn't mean that users who haven't received a fix yet should be particularly worried.

Typically, the flaw would require physical access to the target device and some expertise in using 'adb shell' to exploit it, so the PoC is primarily intended for research and mitigation validation.

As we have seen multiple times, there's always the possibility of the exploit being used as part of an exploit chain to elevate privileges on an already compromised device.

Exploits released for Linux flaw giving root on major distros.


News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-android-local-elevation-flaw-impacting-7-oems/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-12-04 CVE-2023-45779 Unspecified vulnerability in Google Android
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto.
local
low complexity
google
7.8