In addition, it is possible that the component is injected into an activity or service where it does not have the appropriate access. For example, it might be located in an activity where it has no access to the Internet, so it can not be updated. This component could be reported as a false positive if it was reported against a component that was already blocked and not re-enabled. There is an issue with the component not having the necessary access. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242244028 In addition, it is possible that the component is injected into an activity or service where it does not have the appropriate access. For example, it might be located in an activity where it has no access to the Internet, so it can not be updated. This component could be reported as a false positive if it was reported against a component that was already blocked and not re-enabled. There is an issue with the component not having the necessary access. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242244028
Multiple Vulnerabilities in Mediaserver CVE-2022-20434
The Mediaserver component has multiple vulnerabilities. This can be used to gain elevated privileges.
CVE-2022-40332
This vulnerability is a remote code execution vulnerability that can be leveraged to execute code without the user's knowledge or permission. It can be leveraged by an attacker who is able to trigger media playback through MediaServer.
Timeline
Published on: 10/11/2022 20:15:00 UTC
Last modified on: 10/12/2022 20:22:00 UTC