Open cxxsheng opened 1 year ago
That might be accurate; I had pulled the vulnerable versions blindly from the security bulletin. https://source.android.com/docs/security/bulletin/2023-03-01
The device model you tested should be 12 or 12L. You can try testing on a device running Android 13 - even before the March 1, 2023 patch, this PoC wouldn't work due to LazyValue. Also, note that Android Security bulletin mentions the "Updated AOSP Version", not the affected versions - there's a little difference between these two.
Safer Bundle and API changes against the Parcel Mismatch exploit have been introduced since Android 13, and also `checkKeyIntentParceledCorrectly` of `AccountManagerService.java` on 12, 12L and 13, which is much earlier than Android's Security Bulletin of March 2023, can prevent such an exploit. This PoC cannot bypass those above.