CVE-2019-2103

Summary

In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

VendorProductVersion RangeStatus
n/aAndroidAndroid-9affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References