CVE-2024-56435

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 8, 2025

Updated: Jan 13, 2025

CWE ID 200

Summary

CVE-2024-56435 is a newly identified cross-process screen stack vulnerability that resides in the UIExtension module. This issue allows an attacker to potentially manipulate the memory of another process, which could affect service confidentiality. Successful exploitation of this vulnerability could result in the exposure of sensitive information, underscoring the importance of timely patches to mitigate the risk. The root cause of the issue is not yet public, but users are advised to update their software as soon as patches become available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

HarmonyOS

Affected Vendors

Huawei Technologies

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/17Xnxz
https://www.cve.org/CVERecord?id=CVE-2024-56435
https://nvd.nist.gov/vuln/detail/CVE-2024-56435

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners