CVERadar

CVE-2024-0044

Critical Severity
Google
SVRS: 79/100
CVSSv3: 6.7/10
EPSS: 0.0525/1

CVE-2024-0044 allows potential local escalation of privilege due to improper input validation in the createSessionInternal function of PackageInstallerService.java. While the CVSS score is 6.7 (Medium), SOCRadar's Vulnerability Risk Score (SVRS) is 79, highlighting a near-critical level of risk. This discrepancy indicates that the vulnerability is more urgent than the CVSS score suggests due to real-world factors. The vulnerability allows an attacker to run as any app, potentially leading to unauthorized access and control of sensitive data and system functions. The absence of a user-interaction requirement for exploitation is particularly dangerous. The "Exploit Available" and "In The Wild" tags emphasize the immediate need for patching. Addressing CVE-2024-0044 is crucial to prevent exploitation and maintain system security.

In The Wild
Exploit Available
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2024-03-11

2025-01-28
SOCRadar
AI Insight

Description:

CVE-2024-0044 is a vulnerability in PackageInstallerService.java that allows local escalation of privilege due to improper input validation. This vulnerability could be exploited by an attacker to gain elevated privileges on a targeted system without requiring additional execution privileges or user interaction.

Key Insights:

  • SVRS Score: 52 indicates a moderate risk, highlighting the need for attention and monitoring.
  • Exploit Status: Active exploits have been published, making this vulnerability a potential target for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: There is no evidence that this vulnerability is actively exploited by hackers.

Mitigation Strategies:

  • Apply Software Updates: Install the latest software updates from the vendor to patch the vulnerability.
  • Restrict User Privileges: Limit user privileges to the minimum necessary to perform their tasks, reducing the potential impact of an exploit.
  • Implement Network Segmentation: Segment the network to isolate critical systems and reduce the spread of potential attacks.
  • Enable Intrusion Detection and Prevention Systems: Deploy intrusion detection and prevention systems to monitor for suspicious activity and block malicious attempts.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| nexussecelite/EvilDroid | https://github.com/nexussecelite/EvilDroid | 2024-08-04 |
| canyie/CVE-2024-0044 | https://github.com/canyie/CVE-2024-0044 | 2024-09-27 |

News

CVE-2024-0044 | Google Android PackageInstallerService.java createSessionInternal injection (GHSA-m7fh-f3w4-r6v2)
vuldb.com, 2024-12-17
A vulnerability, which was classified as problematic, has been found in Google Android. Affected by this issue is the function createSessionInternal of the file PackageInstallerService.java. The manipulation leads to injection. This vulnerability is handled as CVE-2024-0044. Attacking locally is a requirement. There is no
Tags: cve-2024-0044, java, information technology, https

Daily Summary - 18.06.2024
CERT.at, 2024-06-18
End-of-Day report. Timeframe: Monday 17-06-2024 18:02 - Tuesday 18-06-2024 18:02. Handler: Michael Schlagenhaufer. Co-Handler: Thomas Pribitzer. News: Hackers use F5 BIG-IP malware to stealthily steal data for years. A group of suspected Chinese cyberespionage actors named Velvet Ant are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/
Tags: cve-2024-38428, cve-2024-0044, domains, urls

Dump WhatsApp chat or exfiltrate internal data from any app on Android 12 and 13 using CVE-2024-0044
/u/barakadua131, 2024-06-17
Tags: reddit.com, rss, forum, news

Exfiltrate WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability
/u/barakadua131, 2024-06-17
Tags: cve-2024-0044, domains, urls, cves

Social Media

  • Vulnerability Android: CVE-2024-0044 https://t.co/rMIO4gdc66 #Informatica #SeguridadInformatica
  • 5. Android malware can impersonate PDF file: https://t.co/K9Pafn1asd 6. Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability: https://t.co/OdzIL17S1q
  • GitHub - scs-labrat/android_autorooter: Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely https://t.co/Rn7ZccCe0A
  • Just developed a Python script to exploit Android 12 and 13 CVE-2024-0044! ⚡ Dive into the details and see how it works. #CyberSecurity #Python #AndroidSecurity #EthicalHacking #CVE2024_0044 https://t.co/F8ARaoVFKh
  • @_JohnHammond sir could you make video on this CVE-2024-0044. I have seen this in one telegram group. And it refers this GitHub url for exploit https://t.co/gnfbPhx4ij As i seen this I'm curious to know about this also could you explain this 🙂 https://t.co/FOgLTWr2vs
  • Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability : https://t.co/PJ6epN2PNV Also check back : Becoming any Android app via Zygote command injection : https://t.co/Vg2ILH0zis https://t.co/s6udQoaedz
  • GitHub - pl4int3xt/cve_2024_0044: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 - https://t.co/EGmiDfNGSZ
  • "Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability" With physical access to Android device with enabled ADB debugging running Android 12 or 13 before receiving March 2024 security patch, it is possible to ac… https://t.co/GegpwYl4O6
  • Extract the WhatsApp database (or any app data) from Android 12/13 using the CVE-2024-0044 vulnerability https://t.co/Q3yUTywFZg https://t.co/a7kgwOwULV
  • Extracting WhatsApp Database (or any app data) from Android 12/13 using CVE-2024-0044 https://t.co/1VMVXabpND

Affected Software

Configuration 1
| Type | Vendor | Product |
|---|---|---|
| OS | Google | android |

References

| Reference | Link |
|---|---|
| AF854A3A-2127-422B-91AE-364DA2661108 | https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://source.android.com/security/bulletin/2024-03-01 |
| AF854A3A-2127-422B-91AE-364DA2661108, GITHUB | https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2 |
| AF854A3A-2127-422B-91AE-364DA2661108, GITHUB | https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html |
| - | https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563 |
| - | https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b |
| - | https://source.android.com/security/bulletin/2024-10-01 |

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | The software does not adequately filter user-controlled input for special elements with control implications. |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
