In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOppo Ace2
HWOppowszystkie wersjeOppo Coloros
OSOppo11
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2020-11829CRITICAL9.8ten sam produkt
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is co...
CVE-2023-26310HIGH7.4ten sam produkt
There is a command injection problem in the old version of the mobile phone backup app.
CVE-2021-23244HIGH7.8ten sam produkt
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permiss...
CVE-2020-11828HIGH7.5ten sam produkt
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surface...
CVE-2024-1608CRITICAL9.1PL ✓ten sam vendor
Privilege escalation w OPPO Usercenter Credit SDK — wyciek danych aplikacji