Android-8.0 Access of Resource Using Incompatible Type (‘Type Confusion’) Vulnerability

Summary

In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. 

Credit:

The information has been provided by Vendor

The original article can be found at:https://source.android.com/security/bulletin/2020-07-01


Details

This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android.

 

Vulnerable Systems:

Android-8.0 

Android-8.1 

Android-9 

Android-10

 

CVE Information:

CVE-2020-0224

 

Disclosure Timeline:
Published Date:7/17/2020

Categories: FeaturedNews