Remote Information Disclosure Vulnerability in Android-10: Exploiting BROWSEABLE Intents to Access Sensitive URLs

Remote Information Disclosure Vulnerability in Android-10: Exploiting BROWSEABLE Intents to Access Sensitive URLs

CVE-2019-9428 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110150807

Learn more about our Cis Benchmark Audit For Google Android.