In onPackageRemoved of AccessibilityManagerService.java,...
High severity
Unreviewed
Published
Jan 26, 2023
to the GitHub Advisory Database
•
Updated Feb 9, 2023
Description
Published by the National Vulnerability Database
Jan 26, 2023
Published to the GitHub Advisory Database
Jan 26, 2023
Last updated
Feb 9, 2023
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132
References