CVE-2018-9469

HIGH EPSS 0.2%

Published Nov 20, 20241y ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Nov 20, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

0.2% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 2

CWE-787 Out-of-bounds Write Memory Safety

CWE-862 Missing Authorization Authorization

Affected Products 5

Vendor	Product	Version	Range
google	android	7.1.1	any
google	android	7.1.2	any
google	android	8.0	any
google	android	8.1	any
google	android	9.0	any

References 1

source.android.com https://source.android.com/security/bulletin/2018-09-01

PatchVendor Advisory

Remediation

source.android.com https://source.android.com/security/bulletin/2018-09-01

PatchVendor Advisory