CVE-2024-43765
Published: 21 January 2025
Summary
CVE-2024-43765 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 15.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-43765 is a vulnerability affecting Android that enables access to a folder through a tapjacking/overlay attack in multiple locations. This flaw could result in local escalation of privilege, requiring user execution privileges. It is rated with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H) and maps to CWE-276 (Incorrect Default Permissions). The vulnerability was published on 2025-01-21.
A local attacker with low privileges (PR:L) can exploit this issue with low attack complexity to achieve local escalation of privilege. Although the CVSS vector specifies no user interaction (UI:N), the description notes that user interaction is needed for exploitation. Successful exploitation has a high impact on confidentiality, integrity, and availability.
The Android security bulletin at https://source.android.com/security/bulletin/2025-01-01 details patches and mitigation measures for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-40293
Vulnerability details
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation via exploitation of incorrect default permissions (CWE-276) using overlay/tapjacking.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the Android-specific tapjacking vulnerability enabling folder access and local privilege escalation through timely patching as detailed in the security bulletin.
Enforces approved authorizations for access to the vulnerable folder, directly countering the incorrect default permissions (CWE-276) exploited via overlay attacks.
Limits the impact of local privilege escalation by ensuring only minimal privileges are granted to processes, reducing damage from successful folder access.