Logic Error in startInstall of UpdateFetcher.java Allows for Malicious Config Update and Local Privilege Escalation

Logic Error in startInstall of UpdateFetcher.java Allows for Malicious Config Update and Local Privilege Escalation

CVE-2024-0014 · Severity

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.