CVE-2023-45779
HIGHAndroid APEX Module Framework - Local Privilege Escalation via Improper Cryptographic Validation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-45779. PoCs published by metaredteam.
AI-analyzed exploit summary This repository contains functional exploit code and scripts to detect and exploit Android devices with APEX files signed using test keys. It includes tools to unpack, modify, and repack APEX files, as well as a library to demonstrate code execution.
Description
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.
Exploits (1)
This repository contains functional exploit code and scripts to detect and exploit Android devices with APEX files signed using test keys. It includes tools to unpack, modify, and repack APEX files, as well as a library to demonstrate code execution.
References (4)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H