Understanding CVE-2024-0044: A High-Severity Android Vulnerability

Samoh

Android Improper Input Validation: A possible Run-As any app leading to a potential local privilege escalation without user interaction.

Introduction

In the ever-evolving landscape of cybersecurity, staying informed about the latest vulnerabilities is crucial. One such vulnerability that has recently come to light is CVE-2024-0044. This high-severity vulnerability affects Android versions 12 and 13, posing significant risks to users and developers alike.

What is CVE-2024-0044?

CVE-2024-0044 is a vulnerability identified in the createSessionInternal function of the PackageInstallerService.java file. This vulnerability arises due to improper input validation, which can lead to a “run-as any app” attack. Essentially, this means that an attacker can exploit this flaw to gain unauthorized access to sensitive data and perform unauthorized actions on the affected device.

Technical Details

The vulnerability allows for local escalation of privilege without requiring user interaction. This is particularly concerning because it means that an attacker can exploit the vulnerability without any additional execution privileges. The issue stems from the improper handling of input within the createSessionInternal function, which can be manipulated during the session creation process.

Impact

The potential impact of CVE-2024-0044 is significant. By exploiting this vulnerability, an attacker can gain elevated privileges on the affected device, allowing them to access sensitive information, modify system settings, and potentially install malicious software. This can lead to severe consequences for users, including data breaches and loss of personal information.

Mitigation and Recommendations

To mitigate the risks associated with CVE-2024-0044, it is essential to apply the latest security patches provided by Android. Users should ensure that their devices are updated to the latest version to protect against this vulnerability. Additionally, developers should review their code for similar input validation issues and implement best practices to prevent such vulnerabilities in the future.

Is your device affected with CVE-2024-0044 ?

To check if your Android device is affected by CVE-2024-0044, you need to verify your device’s security patch level. Here’s how you can do it:

1. Open Settings: Go to the Settings app on your Android device.
2. Scroll Down and Select About Phone: This option is usually at the bottom of the settings menu, or My phone > Android Version > Android security update
3. Find Android Version: Tap on “Android Version” or “Software Information”.
4. Check Security Patch Level: Look for the “Android security patch level” date.

If your device has a security patch level of March 2024 or later, it should be protected against CVE-2024-0044.

If your device is not up to date, you should:

• Update Your Device: Go back to the main settings menu, select “System Update” or “Software Update”, and check for updates.
• Install Available Updates: Follow the prompts to download and install any available updates.

Keeping your device updated is crucial for protecting against vulnerabilities like CVE-2024-0044.

References

https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html

https://nvd.nist.gov/vuln/detail/CVE-2024-0044

https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability/

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware

https://github.com/scs-labrat/android_autorooter

https://github.com/pl4int3xt/cve_2024_0044

https://github.com/007CRIPTOGRAFIA/C-CVE-2024-0044