- CVE-2024-0044 allows a "run-as" attack to be performed, resulting in a local escalation of privileges. This enables an attacker to access private files stored locally by any application on the mobile device, compromising the security guarantees provided by the "Application Sandbox".
- Requires ADB shell access and developer mode enabled on the mobile device.
- Affects Android versions 12, 12L, 13, and 14*.
- Discovered and disclosed by Meta Red Team X in March 2024.
- Security patch released by Google in the Android security bulletin of March 2024.
python cve_2024_0044.py -p target.package.name -a any-app.apk
Tip
For the any-app.apk file, any mobile application can be used, such as F-Droid, for example.