About Android Framework: Bypass CVE-2022-20338, formed CVE-2024-40662 (11th Sep 2024).

Preface: What is a malformed URI? The JavaScript exception “malformed URI sequence” occurs when URI encoding or decoding wasn’t successful.

Background: URI definition In computer terms, a Uniform Resource Identifier (URI) is a string used to identify the name of a certain network resource. This identification allows users to interact with any resource (including local and Internet) through specific protocols.

URI is either an absolute URI whose scheme-specific part begins with a slash character, or a relative URI, that is, a URI that does not specify a scheme. 

Vulnerability details: In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Official announcement: Please refer to the vendor announcement for details –

https://www.tenable.com/cve/CVE-2024-40662

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.