←back to thread

Google confirms Android attacks; no fix for most Samsung users

(www.forbes.com)
208 points mohi-kalantari | 1 comments | 08 Dec 25 16:32 UTC | HN request time: 0.203s | source
Show context
RadiozRadioz ◴[08 Dec 25 19:23 UTC] No.46196472[source]
I'm really struggling to find any concrete information about what this vulnerability actually is. Does anyone know where to look for a good summary?
replies(3): >>46196522 #>>46196621 #>>46197224 #
1. jfindper ◴[08 Dec 25 19:37 UTC] No.46196621[source]
>[...] there is a possible way to launch activities from the background due to a permissions bypass.

https://www.cve.org/CVERecord?id=CVE-2025-48572

https://android.googlesource.com/platform/frameworks/base/+/...

https://android.googlesource.com/platform/frameworks/base/+/...

>"In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed."

https://www.cve.org/CVERecord?id=CVE-2025-48633

https://android.googlesource.com/platform/frameworks/base/+/...