| ▲ | RadiozRadioz 17 hours ago | |||||||||||||||||||
I'm really struggling to find any concrete information about what this vulnerability actually is. Does anyone know where to look for a good summary? | ||||||||||||||||||||
| ▲ | jfindper 17 hours ago | parent | next [-] | |||||||||||||||||||
>[...] there is a possible way to launch activities from the background due to a permissions bypass. https://www.cve.org/CVERecord?id=CVE-2025-48572 https://android.googlesource.com/platform/frameworks/base/+/... https://android.googlesource.com/platform/frameworks/base/+/... >"In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed." https://www.cve.org/CVERecord?id=CVE-2025-48633 https://android.googlesource.com/platform/frameworks/base/+/... | ||||||||||||||||||||
| ▲ | ActorNightly 16 hours ago | parent | prev | next [-] | |||||||||||||||||||
Search CVE numbers. https://www.cve.org/CVERecord?id=CVE-2025-48633 Basically, just like most things these days, its all just local privilege escalation. This means that you have to install/run an app that has these exploits built in. Soif you usage profile doesn't include downloading apps from untrusted sources, you don't need to worry. | ||||||||||||||||||||
| ||||||||||||||||||||
| ▲ | aleatorianator 17 hours ago | parent | prev [-] | |||||||||||||||||||
[dead] | ||||||||||||||||||||