{"uuid": "16c7ba45-ea20-4125-bf8a-49befc98cda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0044", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2172", "content": "Bypassing the \"run-as\" debuggability check on Android via newline injection (CVE-2024-0044)\nAttack scenario: A local attacker with ADB shell access to an Android 12 or 13 device with Developer Mode enabled can exploit the vulnerability to run code in the context of any non-system-UID app. From there, the attacker can do anything the app can, like access its private data files or read the credentials it\u2019s stored in AccountManager\nhttps://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html", "creation_timestamp": "2024-04-11T06:00:32.000000Z"}