Incorrect permission assignment for critical resource in Google Android - CVE-2018-21081

 


Published: April 8, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34516
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-21081
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software: Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered on Samsung mobile devices with N (7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without the user's consent. The Samsung ID is SVE-2017-11018 (March 2018).


How to mitigate CVE-2018-21081

Install the update from the vendor's website.

Sources