CVE-2024-13916

Summary

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code.

Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. Application update was released in April 2025.

Affected Software

VendorProductVersion RangeStatus
Kruger&Matzcom.pri.applock13affected

Weaknesses

  • CWE-926: CWE-926 Improper Export of Android Application Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References