2024-11-26
This article describes a vulnerability (CVE-2024-0037) in HarmonyOS that could allow an attacker to view images belonging to a different user.
Vulnerability Analysis:
Platform: HarmonyOS (based on source)
Version: Not specified
Vulnerability: Missing permission check in applyCustomDescription of SaveUi.java
Severity: High (Local Information Disclosure)
Date: Published: 2024-02-15, Last Modified: 2024-11-26
What Undercode Says:
This vulnerability exists due to a missing permission check in the code responsible for handling image descriptions. An attacker could potentially exploit this to view images belonging to other users on the device. This vulnerability is considered high severity as it allows unauthorized access to user data.
Recommendations:
Apply security patches from Huawei when available.
Be cautious about opening untrusted applications.
Disclaimer: This information is for educational purposes only and should not be used for malicious purposes.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help