| ▲ | jfindper 17 hours ago | |
>[...] there is a possible way to launch activities from the background due to a permissions bypass. https://www.cve.org/CVERecord?id=CVE-2025-48572 https://android.googlesource.com/platform/frameworks/base/+/... https://android.googlesource.com/platform/frameworks/base/+/... >"In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed." https://www.cve.org/CVERecord?id=CVE-2025-48633 https://android.googlesource.com/platform/frameworks/base/+/... | ||