Primary

Context

Bluebird Kiosk Application Unsecured Service Provider Vulnerability Allowing Global Settings Modification

Vulnerability

Patched

A vulnerability exists in a pre-loaded kiosk application on Bluebird devices, all versions prior to 1.1.2. The application exposes an unsecured service provider, 'com.bluebird.kiosk.launcher.IpartnerKioskRemoteService', which allows local attackers to bind to the AIDL-type service and modify the device's global settings and wallpaper image.

Impact

Exploitation of this vulnerability allows local attackers to change global device settings and the wallpaper image.

Remediation

Users can update to version 1.1.2 or later to address this vulnerability.

Added: Jul 17, 2025, 1:19 PM

Updated: Jul 17, 2025, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bluebird Kiosk Application Unsecured Service Provider Vulnerability Allowing Global Settings Modification

Vulnerability

Impact

Remediation

Affected Products

Bluebird com.bluebird.kiosk.launcher

Bluebird com.bluebird.filemanagers

Bluebird kr.co.bluebird.android.bbsettings

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating