Skip to main content

CVE-2023-45779

Description

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.

NVD
Severity: HIGH
CVE ID: CVE-2023-45779
CVSS Score: 7.8
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

metaredteam

Proof-of-concept code for the Android APEX key reuse vulnerability described in https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8