Описание
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-48548
- https://android.googlesource.com/platform/frameworks/av/+/37e7f808fad105da187b021fb762a66d37c9212a
- https://android.googlesource.com/platform/frameworks/av/+/8c09eb1034cb3b02a66f6c241c0b9c9981998d6f
- https://android.googlesource.com/platform/frameworks/base/+/00344da68fce6ec4f7a1bf36f0ea3797805f00ce
- https://android.googlesource.com/platform/frameworks/base/+/20e363e2225843ff3cc7d6bea05ae2f4db83b408
- https://android.googlesource.com/platform/frameworks/base/+/acbd37d21c2feffb6d64e669b956d59a6062b751
- https://source.android.com/security/bulletin/2025-09-01
Связанные уязвимости
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Уязвимость модуля AppOpsControllerImpl.java операционных систем Android, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код