Preface: What is a malformed URI? The JavaScript exception “malformed URI sequence” occurs when URI encoding or decoding wasn’t successful.
Background: URI definition In computer terms, a Uniform Resource Identifier (URI) is a string used to identify the name of a certain network resource. This identification allows users to interact with any resource (including local and Internet) through specific protocols.
URI is either an absolute URI whose scheme-specific part begins with a slash character, or a relative URI, that is, a URI that does not specify a scheme.
Vulnerability details: In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Official announcement: Please refer to the vendor announcement for details –