Android Framework Audio Recording Permission Bypass Vulnerability Allowing Privilege Escalation
Vulnerability
A vulnerability exists in the Android Framework's audio handling component, specifically in the AppOps permission management system. This issue allows a background application to record audio without the necessary permissions, leading to unauthorized audio capture. The vulnerability arises from a missing permission check, which could be exploited to escalate privileges locally. Notably, no additional execution privileges are required for exploitation, and user interaction is not needed.
Impact
Exploitation of this vulnerability could result in unauthorized audio recording, potentially leading to privacy violations.
Reproduction
The vulnerability can be reproduced by using a background application that requests audio recording permissions but does not receive them. Due to the missing permission check, the application can still access the microphone and record audio. This can be tested by manually recording audio in the background while the microphone access indicator is disabled.
Remediation
Users can update their devices to the September 2025 security patch level, which addresses this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.