This issue can be seen in a device running on Android 8.0 Oreo. In order to replicate this issue, an unprivileged app needs to be created. This app needs to make a request to a system service. The issue can be seen here. The app is created by developer team. For demo purpose, this app is used. This unprivileged app can be used to escalate privilege. In order to reproduce this issue, create a new unprivileged app. To do that, go to the developer options of your device and enable the unprivileged app creation. After this, create a new unprivileged app. After the creation of the unprivileged app, make a request to the system service. The request will fail, as the system service does not have permission check. As a result, the request fails with Local elevation of privilege. This unprivileged app can be used to escalate privilege.
How to exploit this issue?
This issue can be exploited with an unprivileged app that makes a request to the system service. This app will fail, as the system service does not have permission check. As a result, the request fails with Local elevation of privilege. An unprivileged app can be used to escalate privilege by making a request to the system service.
Reproducing steps
- Create a new unprivileged app in developer options
- Create a new unprivileged app
- Make request to the system service
- The request fails, as the system service does not have permission check. As a result, the request fails with Local elevation of privilege
Timeline
Published on: 10/11/2022 20:15:00 UTC
Last modified on: 10/12/2022 20:21:00 UTC