CVE-2024-0038

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 16, 2024
Updated: Dec 16, 2024
CWE ID 862

Summary

CVE-2024-0038 is a vulnerability affecting the AccessibilityManagerService.java in the injectInputEventToInputFilter function. This issue arises due to a missing permission check, allowing for potential arbitrary input event injection. With no additional execution privileges required, an attacker could leverage this flaw for local privilege escalation, making user interaction unnecessary for successful exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share