CVE-2024-10382
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-10382 is a code execution vulnerability affecting the Car App Android Jetpack Library. The issue resides in the CarAppService deserialization logic, which allows the construction of arbitrary Java classes. Combined with other gadgets, this vulnerability can lead to the execution of malicious code. For an attack to succeed, the attacker needs a malicious app installed on the victim's device alongside an app that uses the CarAppService class. To mitigate this risk, upgrade the library to a version past 1.7.0-beta02.