Computer Security


Android UID protection bypass
SecurityVulns ID:9931
Threat Level:
Description:Improper package UID validation allows application to access another application's data.
Affected:ANDROID : Android 1.5
CVE:CVE-2009-1754 (The PackageManagerService class in services/java/com/android/server/ in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.)
Original documentdocumentWill Drewry, [oCERT-2009-006] Android improper package verification when using shared uids (25.05.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod