Google Assistant in Android 9 Vulnerability: Permissions Bypass and Information Disclosure

Google Assistant in Android 9 Vulnerability: Permissions Bypass and Information Disclosure

CVE-2019-2103 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our Cis Benchmark Audit For Google Android.