CVE-2018-9488 – Android - 'zygote->init;' Chain from USB Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-9488
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. En los permisos SELinux de crash_dump.te, hay una omisión de permisos debido a la falta de una restricción. • https://www.exploit-db.com/exploits/45379 https://source.android.com/security/bulletin/2018-09-01 • CWE-863: Incorrect Authorization •
CVE-2018-9489 – Android OS WiFi Broadcast Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2018-9489
When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. Cuando WiFi está habilitado, la función sendNetworkStateChangeBroadcast de WifiStateMachine.java transmite un intent que incluye información detallada de la red WiFi. • http://www.securitytracker.com/id/1041590 https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-15482
https://notcve.org/view.php?id=CVE-2018-15482
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto para los intents de la aplicación MLT. El ID de LG es LVE-SMP-180006. • https://lgsecurity.lge.com/security_updates.html https://www.kryptowire.com/portal/android-firmware-defcon-2018 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-14982
https://notcve.org/view.php?id=CVE-2018-14982
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto en la aplicación GNSS. El ID de LG es LVE-SMP-180004. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-14981
https://notcve.org/view.php?id=CVE-2018-14981
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto para los intents de la aplicación SystemUI. El ID de LG es LVE-SMP-180005. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •