Main Vulnerability Database Vulnerabilities #VU35000

Incorrect permission assignment for critical resource in Google Android - CVE-2019-9464

Published: December 7, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35000

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-9464

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068

How to mitigate CVE-2019-9464

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-12-01

Incorrect permission assignment for critical resource in Google Android - CVE-2019-9464

Detailed vulnerability description

How to mitigate CVE-2019-9464

Sources

Please verify you're human