CVE-2018-9489 Allows Permission Checks Bypass, Only Fixed in Android P

CVE-2018-9489 is the identifier of a brand new security flaw affecting Android. The vulnerability allows malicious apps to bypass permission checks and is also easily obtaining access to read more information. This could enable malware to track device location, among other things.

CVE-2018-9489: Technical Overview

The flaw was discovered by Nightwatch Cybersecurity, who wrote that “all versions of Android running on all devices are believed to be affected including forks (such as Amazon’s FireOS for the Kindle)”. Apparently, Google has fixed the flaw in Android P / 9 but doesn’t plan to fix older versions. So, the only mitigation for now is for users to upgrade to Android P / 9 or later.

According to the researchers, further research is definitely needed to determine whether the flaw is actively exploited in the wild. It should also be noted that malicious apps can listen to system broadcasts to bypass permission checks and get access to specific device details, and this is indeed how CVE-2018-9489 can be exploited.

The vulnerability was first reported to Google in March, with Google developing a fix only for its most recent Android version.

As mentioned in the research quote above, the flaw can read a range of details such as Wi-Fi network name, local IP address, DNS server information, as well as MAC address, with the following specification:

Because MAC addresses do not change and are tied to hardware, this can be used to uniquely identify and track any Android device even when MAC address randomization is used. The network name and/or BSSID can be used to geolocate users via a lookup against a database like WiGLE or SkyHook. Other networking information can be used by rogue apps to further explore and attack the local WiFi network.

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: