#VU48781 Path traversal in Play Core Library
Vulnerability identifier: #VU48781
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Play Core Library
Mobile applications /
Libraries for mobile applications
Vendor: Google
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences inside apk files in Android's Play Core Library within the SplitCompat.install endpoint. A remote attacker can create a specially crafted APK file that targets a specific application, trick the victim into installing that APK and gain full access to the targeted application.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system but requires that the victim willingly installs a malicious application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Play Core Library: 1.3.6 - 1.7.1
External links
http://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/
http://developer.android.com/reference/com/google/android/play/core/release-notes#1-7-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
