CVE-2024-0038
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 16, 2024
Updated: Dec 16, 2024
CWE ID 862
Summary
CVE-2024-0038 is a vulnerability affecting the AccessibilityManagerService.java in the injectInputEventToInputFilter function. This issue arises due to a missing permission check, allowing for potential arbitrary input event injection. With no additional execution privileges required, an attacker could leverage this flaw for local privilege escalation, making user interaction unnecessary for successful exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android