Search code, repositories, users, issues, pull requests...
CVE-2024-0044/A-307532206 is a High severity vulnerability in the Android framework that allows attackers with adb access to run arbitrary code under the UID of arbitrary app. It was originally found by Tom Hebb from Meta Red Team X. You can found many articles on exploit this vulnerability on the Internet such as this and this. For more info, check this blog: https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
The patch for this vulnerability is included in the March 2024 Android Security Bulletin, but now I come up with an exploit that bypasses the patch. The new patch is included in October 2024 Android Security Bulletin under the same CVE ID CVE-2024-0044. Android 12-13 devices with security patch level before 2024-10-01 are vulnerable to this issue.
You can see params.installerPackageName will be reset to null if it is not an legal Android package name. However, at the next line, requestedInstallerPackageName can be installerPackageName when params.installerPackageName is null or invalid.
