Missing Permission Check in SyncStatusObserver Allows for User Profile Bypass and Limited Information Disclosure in Android

Missing Permission Check in SyncStatusObserver Allows for User Profile Bypass and Limited Information Disclosure in Android

CVE-2019-9351 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599864

Learn more about our Cis Benchmark Audit For Google Android.