CVE-2024-10382
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-10382 is a new code execution vulnerability affecting the Car App Android Jetpack Library. The issue lies in the deserialization logic used by the CarAppService component. Through this vulnerability, malicious actors can construct arbitrary Java classes, which leads to code execution when specific deserialization gadgets are used. To exploit it, an attacker must install a malicious application on the victim's device. Applications that use library version 1.7.0-beta02 or below are at risk. Upgrading the library to a patched version is recommended to mitigate this threat.
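To check whether a build falls in the affected range, the following added example (not from the advisory or the library project) scans Gradle dependency output for Car App artifacts at or below 1.7.0-beta02. It assumes the library is published under the `androidx.car.app` Maven group with AndroidX-style alpha/beta/rc suffixes; the sample report is constructed.

```python
import re

# Last affected release per the advisory text above.
LAST_AFFECTED = "1.7.0-beta02"
# Assumption: the library ships under the androidx.car.app Maven group.
COORD = re.compile(r"(androidx\.car\.app:[\w.-]+):([\w.-]+)(?:\s*->\s*([\w.-]+))?")
STAGE = {"alpha": 0, "beta": 1, "rc": 2}  # pre-release order; a final release ranks 3


def version_key(version):
    """Turn '1.7.0-beta02' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch), STAGE.get(stage, 3), int(n or 0))


def is_affected(version):
    return version_key(version) <= version_key(LAST_AFFECTED)


def scan(dependency_report):
    """Return sorted (artifact, resolved_version) pairs at or below LAST_AFFECTED."""
    hits = set()
    for artifact, requested, resolved in COORD.findall(dependency_report):
        version = resolved or requested  # Gradle prints 'a -> b' when it overrides
        try:
            if is_affected(version):
                hits.add((artifact, version))
        except ValueError:
            hits.add((artifact, version))  # unparseable: flag for manual review
    return sorted(hits)


# Constructed sample in the shape of `gradle dependencies` output.
SAMPLE = """\
+--- androidx.car.app:app:1.4.0
+--- androidx.car.app:app-projected:1.7.0-beta01 -> 1.7.0-beta02
+--- androidx.car.app:app-automotive:1.7.0-beta03
\\--- androidx.car.app:app-testing:1.7.0-rc01
"""

if __name__ == "__main__":
    for artifact, version in scan(SAMPLE):
        print(f"AFFECTED {artifact}:{version}")
```

Transitive dependencies count too, so run the scan against the resolved runtime classpath of the release variant rather than the declared versions alone.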