Cyber Resilience

CVE-2024-49742

HighLPE

Published: 21 January 2025

Published
21 January 2025
Modified
22 April 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 11.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-49742 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-49742 is a vulnerability in the onCreate method of NotificationAccessConfirmationActivity.java within Android's Settings app, stemming from a missing permission check. This flaw allows an app with notification access to be hidden from the Settings interface, potentially enabling local escalation of privilege without requiring additional execution privileges. The issue was published on 2025-01-21 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-269 (Improper Privilege Management). User interaction is required for exploitation.

A local attacker with low privileges (PR:L) can exploit this vulnerability due to its low attack complexity (AC:L). Successful exploitation enables hiding notification access apps, leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) through privilege escalation on the affected Android device.

The Android Security Bulletin provides details on mitigation, available at https://source.android.com/security/bulletin/2025-01-01. Security practitioners should apply the recommended patches to address this issue in supported Android versions.

EU & UK References

Vulnerability details

In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

more

interaction is needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Missing permission check directly enables local privilege escalation (T1068) by allowing hidden notification access apps.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0023Same product: Google Android
CVE-2025-48645Same product: Google Android
CVE-2026-0029Same product: Google Android
CVE-2025-48613Same product: Google Android
CVE-2018-9375Same product: Google Android
CVE-2026-0032Same product: Google Android
CVE-2024-56192Same product: Google Android
CVE-2025-48602Same product: Google Android
CVE-2026-0124Same product: Google Android
CVE-2024-49738Same product: Google Android

Affected Assets

google
android
12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to system resources, directly addressing the missing permission check in NotificationAccessConfirmationActivity that enables unauthorized hiding of notification access apps.

prevent

Restricts privileges to the minimum necessary, mitigating local privilege escalation from improper privilege management (CWE-269) by preventing apps from performing unauthorized actions like self-hiding in Settings.

prevent

Requires identification, reporting, and remediation of flaws like CVE-2024-49742, enabling timely patching as recommended in the Android Security Bulletin to prevent exploitation.

References