/cve-2024-0044

CVE-2024-0044

Primary LanguagePython

python-static-badge android-static-badge

CVE-2024-0044

  • CVE-2024-0044 allows a "run-as" attack to be performed, resulting in a local escalation of privileges. This enables an attacker to access private files stored locally by any application on the mobile device, compromising the security guarantees provided by the "Application Sandbox".
  • Requires ADB shell access and developer mode enabled on the mobile device.
  • Affects Android versions 12, 12L, 13, and 14*.
  • Discovered and disclosed by Meta Red Team X in March 2024.
  • Security patch released by Google in the Android security bulletin of March 2024.

Usage

python cve_2024_0044.py -p target.package.name -a any-app.apk

cve-2024-0044

Tip

For the any-app.apk file, any mobile application can be used, such as F-Droid, for example.