Android External Storage Providers Path Traversal Vulnerability Allowing Privilege Escalation
Vulnerability
A path traversal vulnerability has been identified in multiple components of the Android framework, specifically within the External Storage Provider and Download Provider. This vulnerability allows for unauthorized access to 'Android/data/', 'Android/obb/', and 'Android/sandbox' directories on shared storage, potentially leading to local escalation of privileges. Exploitation of this vulnerability requires user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive data within the 'Android/data/', 'Android/obb/', and 'Android/sandbox' directories, allowing for local escalation of privileges.
Reproduction
The vulnerability can be reproduced by accessing the affected directories on shared storage through an application that interacts with the External Storage Provider or Download Provider. Because the providers did not properly validate the paths they were asked to serve, a crafted file access request (one whose path resolves outside the directory the caller is entitled to) could bypass the normal restrictions and reach data that should be protected.
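As an added illustration (not code from the advisory or from AOSP), the following Java guard shows the kind of check a file-backed provider needs: it canonicalises a client-supplied path against the shared-storage root and refuses any result that escapes the root or lands under the three directories listed above. The class, its method names, the demo root and the sample requests are all assumptions made for this example.

```java
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Hypothetical guard for a file-backed provider (added example, not AOSP code).
public final class SharedStorageGuard {
    // Shared-storage trees the advisory names as off-limits to other apps.
    private static final List<String> PROTECTED =
            Arrays.asList("android/data", "android/obb", "android/sandbox");

    private final File root;

    public SharedStorageGuard(File sharedStorageRoot) throws IOException {
        this.root = sharedStorageRoot.getCanonicalFile(); // resolve once, compare often
    }

    // Resolves a client-supplied relative path; rejects it when the canonical
    // result leaves the shared root or lands inside a protected tree.
    public File resolve(String requestedPath) throws IOException {
        File candidate = new File(root, requestedPath).getCanonicalFile();
        String prefix = root.getPath() + File.separator;
        if (!candidate.equals(root) && !candidate.getPath().startsWith(prefix)) {
            throw new SecurityException("escapes shared storage: " + requestedPath);
        }
        String rel = candidate.equals(root) ? ""
                : candidate.getPath().substring(prefix.length())
                        .replace(File.separatorChar, '/')
                        .toLowerCase(Locale.ROOT); // shared storage is case-insensitive
        for (String dir : PROTECTED) {
            if (rel.equals(dir) || rel.startsWith(dir + "/")) {
                throw new SecurityException("protected directory: " + requestedPath);
            }
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        File demoRoot = new File(System.getProperty("java.io.tmpdir"), "shared-storage-demo");
        SharedStorageGuard guard = new SharedStorageGuard(demoRoot);
        String[] requests = {
            "DCIM/photo.jpg",                      // allowed
            "Android/data/com.example/cache/x.db", // protected tree
            "Download/../Android/obb/x.obb",       // traversal into protected tree
            "../../etc/hosts",                     // escapes the root
        };
        for (String r : requests) {
            try { System.out.println("allow  " + guard.resolve(r)); }
            catch (SecurityException e) { System.out.println("reject " + e.getMessage()); }
        }
    }
}
```

The directory need not exist for the demo: canonicalisation still collapses the `..` segments, which is what makes the prefix comparison meaningful.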
Remediation
Users can update their devices to the May 2025 security patch level to address this vulnerability.
