Google Assistant in Android 9 Vulnerability: Permissions Bypass and Information Disclosure
CVE-2019-2103 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Learn more about our Cis Benchmark Audit For Google Android.