pwnipc / BadParcel

CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch)

Actually this poc cannot work on 12, 12L, and 13 #1

Open cxxsheng opened 1 year ago

cxxsheng commented 1 year ago

Safer Bundle and API changes against the Parcel Mismatch exploit have been introduced since Android 13, and checkKeyIntentParceledCorrectly in AccountManagerService.java on 12, 12L and 13, which is much earlier than Android's Security Bulletin of March 2023, can also prevent such an exploit. This PoC cannot bypass the above.

pwnipc commented 6 months ago

That might be accurate; I had pulled the vulnerable versions blindly from the security bulletin. https://source.android.com/docs/security/bulletin/2023-03-01

cxxsheng commented 2 days ago

The device model you tested should be 12 or 12L. You can try testing on a device running Android 13; even before the March 1, 2023 patch, this PoC wouldn't work due to LazyValue. Also, note that the Android Security Bulletin mentions the "Updated AOSP Version", not the affected versions. There's a little difference between these two.