Android Intent Resolver ChooserActivity Elevation of Privilege Vulnerability
Vulnerability
A vulnerability in the ChooserActivity component of the Android Intent Resolver module allows for a local elevation of privilege. This issue arises from a missing permission check, which creates a potential bypass of factory reset protections. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.
Impact
Successful exploitation could give a user unauthorized elevated privileges, allowing them to perform actions or access resources that are normally restricted.
Reproduction
To reproduce this vulnerability, first trigger factory reset protection on the device. Then use an ADB command to initiate sharing via the ChooserActivity. Because the permission check is missing, the sharing flow bypasses the factory reset protections.
Remediation
Users can update their devices to the October 2024 security patch level to address this vulnerability.
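An added example, not part of the original advisory: a shell check that classifies devices by their reported security patch level against the October 2024 level named above. The inventory is constructed sample data, the function names are hypothetical, and comparing by year and month only is an assumption, since the advisory gives no day-specific patch string.

```shell
#!/bin/sh
# Added example (not from the advisory): flag devices below the October 2024
# security patch level. Function names are hypothetical.
REQUIRED=202410   # year+month of the patch level the advisory names

# Classify a patch-level string as reported by
# `getprop ro.build.version.security_patch` (format YYYY-MM-DD).
patch_status() {
    ps_level=$1
    case "$ps_level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # empty or malformed: treat as unverified
    esac
    ps_ym=${ps_level%-*}               # YYYY-MM
    case "${ps_ym#*-}" in
        0[1-9]|1[0-2]) ;;
        *) echo UNKNOWN; return 0 ;;   # impossible month
    esac
    # Assumption: compare year and month only; the day suffix is ignored.
    if [ "${ps_ym%-*}${ps_ym#*-}" -ge "$REQUIRED" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Read the live value from one attached device (requires adb; not run below).
device_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Read "serial patch-level" lines on stdin, print "serial level status".
audit_inventory() {
    while read -r ai_serial ai_level; do
        [ -n "$ai_serial" ] || continue
        echo "$ai_serial ${ai_level:--} $(patch_status "$ai_level")"
    done
    return 0
}

# Constructed sample inventory (serials and levels are made up).
sample_inventory() {
    cat <<'EOF'
SAMPLE0001 2024-10-05
SAMPLE0002 2024-08-01
SAMPLE0003
SAMPLE0004 2025-01-01
EOF
}

sample_inventory | audit_inventory
```

A device that reports no patch level is classified UNKNOWN rather than PATCHED, so it stays on the follow-up list until its level is confirmed.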
