CVE-2024-0037: Bypassing Permission Checks in SaveUi.java to View Other Users' Images

A recent discovery in the world of software vulnerabilities has led to the identification of CVE-2024-0037. In this post, we'll discuss the details of this vulnerability and how it could potentially lead to local information disclosure by viewing images belonging to other users. This issue was found in the applyCustomDescription method of SaveUi.java, which is missing a permission check. We'll cover the code snippet involved, links to original references, and exploit details. To exploit this vulnerability, user execution privileges are needed, but no user interaction is required.

The following is the code snippet from SaveUi.java, where the vulnerability exists

public class SaveUi {
    ...
    public void applyCustomDescription(Uri uri, String description) {
        ...
        ContentResolver contentResolver = getContentResolver();
        ContentValues contentValues = new ContentValues();
        contentValues.put(MediaStore.Images.Media.DESCRIPTION, description);
        contentResolver.update(uri, contentValues, null, null);
        ...
    }
    ...
}

In the above code, the applyCustomDescription method takes a Uri and description as input and updates the description of the image file in the MediaStore. The security check missing in this method is for user permission to access or modify the information of other users' images.

Original References

1. The official CVE record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0037

2. Android Security Bulletin: https://source.android.com/security/bulletin/2024-06-02

Exploit Details

To exploit this vulnerability, an attacker would require user execution-level privileges, i.e., the attacker would need to have access to the device to run their code. However, the attacker does not need any user interaction, making the vulnerability dangerous on compromised devices.

Here are the steps an attacker can take to exploit this vulnerability

1. Acquire user execution privileges on the target device, possibly through the installation of a malicious app or through other compromised software.

Utilize the applyCustomDescription method to update or manipulate other users' images' metadata.

3. Identify the images belonging to other users for potential data leaks and identify sensitive information if available.

4. Extract the identified information and transmit it to an external source for further exploitation or blackmail.

Conclusion

CVE-2024-0037 is a serious vulnerability that could lead to the unauthorized access and manipulation of images belonging to different users. Developers and administrators should be aware of this potential threat and be sure to update the affected component (SaveUi.java) to include permission checks when accessing or modifying image metadata.

To protect users from being exploited by this vulnerability, it's crucial to enforce strict permissions for user execution privileges on devices, ensure the installation and use of secure applications, and maintain regular software updates to minimize the possibility of being compromised.

Timeline

Published on: 02/16/2024 02:15:51 UTC
Last modified on: 02/16/2024 13:37:51 UTC