Now we can get write access to the internal files. Now this doesn't give direct access to the user's files, but it serves as a very dangerous step towards potential other vulnerabilities
More info: https://github.com/flipperdevices/Flipper-Android-App/issues/877
Changes
Now the file name is obtained using File(filename).name, which eliminates the use of the path traversal vulnerability
Background
Now we can get write access to the internal files. Now this doesn't give direct access to the user's files, but it serves as a very dangerous step towards potential other vulnerabilities More info: https://github.com/flipperdevices/Flipper-Android-App/issues/877
Changes
File(filename).name
, which eliminates the use of the path traversal vulnerabilityTest plan
Try run apk from attached issue
Co-authored-by: LiveOverflow liveoverflow@gmail.com