CVE-2024-48336

Published
View on NVD ↗
CVSS v3
8.4
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. User interaction is not needed for exploitation.

canyie/MagiskEoP
canyie/MagiskEoP
Exploit and writeup for installed app to root privilege escalation through CVE-2024-48336 (Magisk Bug #8279), Privileges Escalation / Arbitrary Code Execution Vulnerability
GitHubGitHub
205
topjohnwu/Magisk
topjohnwu/Magisk
The Magic Mask for Android
GitHubGitHub
61.2K