01642 06 11 11 Arrange Call

Potential Settings Bypass Vulnerability Allowing Arbitrary Domain Default Handler in PackageManagerService

CVE-2020-0074 · HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-0074

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146204120

Learn more about our Cis Benchmark Audit For Google Android.