CVE-2019-15373 : Security Advisory and Response
Learn about CVE-2019-15373 affecting Symphony i95 Lite Android device. Unauthorized app access can lead to system property modifications, compromising security.
The Symphony i95 Lite Android device is affected by a vulnerability that allows unauthorized modification of system properties through a pre-installed app.
Understanding CVE-2019-15373
The vulnerability in the Symphony i95 Lite Android device allows any co-located app to modify system properties without proper authorization.
What is CVE-2019-15373?
The vulnerability arises from the com.mediatek.wfo.impl app on the device, enabling unauthorized access to system properties.
The Impact of CVE-2019-15373
This vulnerability can lead to unauthorized changes to critical system settings, potentially compromising the device's security and user data.
Technical Details of CVE-2019-15373
The Symphony i95 Lite Android device with a specific build fingerprint contains the vulnerable com.mediatek.wfo.impl app.
Vulnerability Description
The pre-installed app allows any co-located app to modify system properties without proper authorization.
Affected Systems and Versions
- Device: Symphony i95 Lite Android
- Build Fingerprint: LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys
- App: com.mediatek.wfo.impl
- Version: 8.1.0
Exploitation Mechanism
Unauthorized apps can exploit the exported interface of the com.mediatek.wfo.impl app to modify system properties.
Mitigation and Prevention
Immediate Steps to Take:
- Disable or uninstall the com.mediatek.wfo.impl app if possible.
- Regularly monitor app permissions and system settings for any unauthorized changes.
Long-Term Security Practices:
- Keep the device's operating system and apps up to date.
- Avoid installing apps from untrusted sources.
Patching and Updates
Ensure the device receives security updates from the manufacturer to address this vulnerability.