QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2348

Published: Jul 17, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f

x_refsource_CONFIRM

http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58

x_refsource_CONFIRM

android-permission-security-bypass(51798)

vdb-entry

x_refsource_XF

20090716 [oCERT-2009-011] Android improper camera and audio permission verification

mailing-list

x_refsource_BUGTRAQ

[oss-security] 20090716 [oCERT-2009-011] Android improper camera and audio permission verification

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760

x_refsource_CONFIRM

http://www.ocert.org/advisories/ocert-2009-011.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2009-2348 - Security Vulnerability | QwikSec