Permissions, Privileges, and Access Controls in Google Camera - CVE-2019-2234
Published: November 20, 2019
Vulnerability identifier: #VU22856
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-2234
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Camera
Google Camera
Detailed vulnerability description
The vulnerability allows a malicious application on the phone to gain access to sensitive data on the system.
The vulnerability exists due to insecure implementation of permissions in Google Camera app. A malicious application that was installed on a phone and was granted SD card permissions can gain full access to the Google Camera application and use it to communicate via network and takeover the phone.
How to mitigate CVE-2019-2234
Google has released the security update in July.