Plataforma
android
Corrigido em
8.0.1
CVE-2019-1994 is a vulnerability in Android that allows unwanted access to development settings. This flaw resides within the refresh function of DevelopmentTiles.java and stems from an insecure default value. Exploitation requires user interaction and impacts Android versions 8.0 through 9. A patch is available in Android 8.0.1.
The impact of CVE-2019-1994 is primarily related to the exposure of development settings. While not a direct remote code execution vulnerability, gaining access to these settings can allow an attacker to modify system behavior, potentially enabling further attacks or compromising device functionality. An attacker could use these settings to enable debugging features, modify system configurations, or install unauthorized applications. The requirement for user interaction limits the immediate attack surface, but it still presents a risk in scenarios where users are tricked into enabling these settings.
CVE-2019-1994 was published on February 28, 2019. Public proof-of-concept (POC) exploits for this vulnerability are limited. It is not currently listed on KEV or having an EPSS score. The Android ID A-117770924 is associated with this vulnerability.
Status do Exploit
EPSS
0.14% (percentil 34%)
The primary mitigation for CVE-2019-1994 is to upgrade affected Android devices to version 8.0.1 or later. If upgrading is not immediately feasible, educate users about the risks of enabling development settings and restrict access to these settings where possible. Consider implementing device policies that disable or restrict access to development features. After upgrading, confirm the fix by verifying that development settings are properly secured and require authentication.
Actualice a la última versión de Android disponible proporcionada por el fabricante de su dispositivo. Consulte el boletín de seguridad de Android para obtener más detalles.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
It's a vulnerability allowing unwanted access to development settings in Android due to an insecure default value.
If you're running Android 8.0, 8.1, or 9, you are potentially affected by this vulnerability.
Upgrade your Android device to version 8.0.1 or later to patch this vulnerability.
Public exploits are limited, suggesting a lower risk of exploitation.
Refer to the National Vulnerability Database (NVD) entry for CVE-2019-1994 for more technical details.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Envie seu arquivo build.gradle e descubra na hora se você está afetado.