Android Libcore ZipFile Dynamic Code Loading Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the Android Libcore component, specifically within the ZipFile class. The issue arises from improper input validation, which lets an attacker manipulate dynamic code loading. The vulnerability affects several versions of Android, and exploitation requires neither additional execution privileges nor user interaction.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected device.
Reproduction
The vulnerability can be reproduced by creating a zip file with invalid headers, which the ZipFile class processes improperly because it lacks adequate input validation. This manipulation can then be used to execute arbitrary code on the device.
Remediation
Users can update to the latest version of Android to address this vulnerability. Instructions for checking and updating Android versions are available on the Google Support website.
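The Reproduction section does not say which header fields are involved. As an added example (not from the original advisory and not Android's code), the Python check below assumes one class of invalid header, a central-directory entry that disagrees with the local file header it points to, and reports such archives before they reach a code loader. The names `header_mismatches` and `build_samples` are hypothetical, and the sample archives are constructed.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
LOCAL_FMT = "<4sHHHHHIIIHH"  # fixed 30-byte local file header

def header_mismatches(data: bytes) -> list:
    """Compare each central-directory entry with the local header it points to."""
    problems, seen = [], set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # parses the central directory only
        for info in zf.infolist():
            label = info.orig_filename
            # Recover the raw name bytes as stored in the central directory
            cd_name = label.encode("utf-8" if info.flag_bits & 0x800 else "cp437")
            if cd_name in seen:
                problems.append(f"{label}: duplicate entry name")
            seen.add(cd_name)
            off = info.header_offset
            fixed = data[off:off + 30]
            if len(fixed) < 30 or fixed[:4] != LOCAL_SIG:
                problems.append(f"{label}: no local header at offset {off}")
                continue
            _, _, flags, method, _, _, _, csize, _, nlen, _ = struct.unpack(LOCAL_FMT, fixed)
            if data[off + 30:off + 30 + nlen] != cd_name:
                problems.append(f"{label}: local header name differs")
            if method != info.compress_type:
                problems.append(f"{label}: compression method differs")
            # Local sizes are only comparable without a data descriptor (bit 3) or ZIP64 marker
            if not flags & 0x08 and csize != 0xFFFFFFFF and csize != info.compress_size:
                problems.append(f"{label}: compressed size differs")
    return problems

def build_samples():
    """Constructed samples: a well-formed archive and a copy with one local name altered."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed placeholder bytes")
    good = buf.getvalue()
    bad = bytearray(good)
    bad[30:41] = b"classes.dey"  # name field of the first local header, same length
    return good, bytes(bad)

if __name__ == "__main__":
    for sample in build_samples():
        print(header_mismatches(sample) or "headers consistent")
```

An empty result means only that the checked fields agree; it is not evidence that an archive is safe to load on an unpatched device.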
