Computer Security

Android UID protection bypass
SecurityVulns ID:9931
Description:Improper package UID validation allows application to access another application's data.
Affected:ANDROID : Android 1.5
CVE:CVE-2009-1754 (The PackageManagerService class in services/java/com/android/server/ in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.)
Original documentdocumentWill Drewry, [oCERT-2009-006] Android improper package verification when using shared uids (25.05.2009)
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod