Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2024-43087

Description

In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

POC

Reference

- https://android.googlesource.com/platform/packages/apps/Settings/+/6253b87704bb097ad9963941bdddf3b86906a73e

Github

No PoCs found on GitHub currently.