Unprotected Provider in HeapDumpProvider.java Allows Unauthorized Access to Heap Dumps

Unprotected Provider in HeapDumpProvider.java Allows Unauthorized Access to Heap Dumps

CVE-2021-0693 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184046948

Learn more about our Cis Benchmark Audit For Google Android.