Missing Permission Check in updateAssistMenuItems of Editor.java Allows Escape from Setup Wizard and Local Privilege Escalation

Missing Permission Check in updateAssistMenuItems of Editor.java Allows Escape from Setup Wizard and Local Privilege Escalation

CVE-2019-2026 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0Android ID: A-120866126

Learn more about our Cis Benchmark Audit For Google Android.