
Open Source CERT Security Advisory 2009.11

Posted Jul 17, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Android, an open source mobile phone platform, improperly checks permissions when applications access the camera and audio resources. All 1.5 CRBxx versions are affected.

tags | advisory
advisories | CVE-2009-2348
SHA-256 | 4b7c6f448acecc2ccbd344ea7c61afdac0b498f3432e5044a92d1cb41fd80890

#2009-011 Android improper camera and audio permission verification

Description:

Android, an open source mobile phone platform, improperly checks permissions
when applications access the camera and audio resources.

The permissions are Manifest.permission.CAMERA and
Manifest.permission.AUDIO_RECORD respectively.

Normally an Android application is allowed to access the camera and audio
resources only if the user explicitly allows the application to do so. However
if the user installs an application that does not request the permissions then
the application is implicitly allowed to use the device camera and/or
microphone.

Affected version:

Android all 1.5 CRBxx versions (where xx are digits)

Fixed version:

Android 1.5 CBDxx, CRCxx and COCxx (where xx are digits)

Credit: Chris Palmer, iSEC Partners, under contract with Google.

CVE: CVE-2009-2348

Timeline:

2009-07-06: Android Security Team requested assistance from oCERT
2009-07-07: assigned CVE
2009-07-07: Android requests embargo period
2009-07-16: advisory release

References:
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=7b7225c8fdbead25235c74811b30ff4ee690dc58
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=4d8adefd35efdea849611b8b02d61f9517e47760
http://android.git.kernel.org/?p=platform/packages/apps/Camera.git;a=commit;h=e655d54160e5a56d4909f2459eeae9012e9f187f

Permalink:
http://www.ocert.org/advisories/ocert-2009-011.html

--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
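
For triage against the affected and fixed builds listed in the advisory above, the following added example (not part of the advisory or of Android's code) works out which of the two resources an installed app must be assumed able to reach on a given Android 1.5 build. The function names, the sample manifest and the build IDs are constructed for illustration; `android.permission.CAMERA` and `android.permission.RECORD_AUDIO` are the platform's manifest strings for the two permissions, and treating an unrecognised build as exposed is an assumption.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Platform manifest strings for the camera and audio-recording permissions.
SENSITIVE = {"android.permission.CAMERA": "camera",
             "android.permission.RECORD_AUDIO": "microphone"}
AFFECTED = {"CRB"}               # advisory: "all 1.5 CRBxx versions"
FIXED = {"CBD", "CRC", "COC"}    # advisory: "1.5 CBDxx, CRCxx and COCxx"


def build_status(build_id):
    """Classify a build ID as 'affected', 'fixed' or 'unknown'."""
    # The advisory writes "xx"; any run of digits is accepted (assumption).
    m = re.fullmatch(r"([A-Z]{3})\d+", build_id.strip().upper())
    if not m:
        return "unknown"
    prefix = m.group(1)
    if prefix in AFFECTED:
        return "affected"
    return "fixed" if prefix in FIXED else "unknown"


def declared_resources(manifest_xml):
    """Resources the app requests through <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {SENSITIVE[n] for n in names if n in SENSITIVE}


def reachable_resources(build_id, manifest_xml):
    """Resources the app must be assumed able to use on this build."""
    if build_status(build_id) == "fixed":
        return declared_resources(manifest_xml)
    # Affected: not requesting a permission did not block access.
    # Unknown: assume the worst until the build is identified.
    return set(SENSITIVE.values())


# Constructed sample: an app that declares only INTERNET.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for build in ("CRB43", "CRC01", "XYZ"):   # constructed build IDs
        print(build, build_status(build),
              sorted(reachable_resources(build, SAMPLE_MANIFEST)))
```

On an affected build the manifest review tells you nothing about camera or microphone exposure, which is why the result ignores the declared permissions there.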