CVE-2024-0048

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Mar 11, 2024

Updated: Dec 16, 2024

CWE ID 230

Summary

CVE-2024-0048 is a newly discovered vulnerability affecting the Session component in AccountManagerService.java. The issue arises due to a mishandling of null responses, which may allow an attacker to retain foreground service privileges. This escalation of privilege does not require any additional execution privileges or user interaction, making it a significant concern for security. An attacker exploiting this flaw could potentially gain heightened access to sensitive data or functions within the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uwSXYD
https://www.cve.org/CVERecord?id=CVE-2024-0048
https://nvd.nist.gov/vuln/detail/CVE-2024-0048

Back to Vulnerability Database