Security Advisory

CVE-2009-1754

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-05-26 15:16:00

Last updated 2024-08-07 05:27:54

Assigner mitre

State PUBLISHED

Description

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an applications installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.

← Browse all CVEs View on cve.org ↗