CVE-2014-8609

Android < 4.4.4 - Unauthenticated Intent Broadcast via PendingIntent Leak

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-8609. PoCs published by ratiros01, MazX0p, locisvv.

Description

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.

Exploits (3)

nomisec WORKING POC
by ratiros01 · poc
https://github.com/ratiros01/CVE-2014-8609-exploit

This repository contains a functional PoC exploit for CVE-2014-8609, which leverages a PendingIntent vulnerability in Android to execute arbitrary intents with elevated privileges. The exploit demonstrates how a malicious app can trigger a factory reset via the MASTER_CLEAR intent.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Android (versions affected by CVE-2014-8609)
No auth needed
Prerequisites: Android device with vulnerable PendingIntent implementation · Ability to install the malicious app
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP
by MazX0p · poc
https://github.com/MazX0p/CVE-2014-8609-POC

This repository contains a writeup and a video PoC for CVE-2014-8609, a PendingIntent vulnerability in Android applications. The description is in Arabic and explains how the vulnerability works and how it can be exploited.

Classification: Writeup 80%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Android applications using PendingIntent
No auth needed
Prerequisites: Access to a vulnerable Android application
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by locisvv · poc
https://github.com/locisvv/Vulnerable-CVE-2014-8609

This PoC demonstrates CVE-2014-8609, an Android vulnerability where a malicious app can trigger a factory reset via PendingIntent manipulation in the AccountAuthenticatorService. The exploit abuses the 'android.intent.action.MASTER_CLEAR' intent to reset the device.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Android (versions affected by CVE-2014-8609)
No auth needed
Prerequisites: Victim must install the malicious app · App must have AccountAuthenticatorService permissions
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0064
EPSS Percentile 46.0%

Details

CWE: CWE-264
Status: published
Products (17)
google/android 4.0
google/android 4.0.1
google/android 4.0.2
google/android 4.0.3
google/android 4.0.4
google/android 4.1
google/android 4.1.2
google/android 4.2
google/android 4.2.1
google/android 4.2.2
... and 7 more
Published Dec 15, 2014
Tracked Since Feb 18, 2026