CVE-2021-39743

7.8 HIGH

📋 TL;DR

This vulnerability in Android's PackageManager allows malicious apps to update the last usage time of other packages without proper permission checks. This could enable local privilege escalation attacks where an attacker gains elevated privileges without user interaction. Only Android 12L devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 12L only
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android 12L. Earlier versions and Android 13+ are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could gain full system-level privileges, potentially accessing sensitive data, installing persistent malware, or disabling security controls.

🟠 Likely Case

Malicious apps could escalate privileges to perform unauthorized actions like accessing protected system resources or other apps' data.

🟢 If Mitigated

With proper app sandboxing and security controls, impact would be limited to the compromised app's context.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring app installation.
🏢 Internal Only: MEDIUM - Malicious apps could exploit this if installed on corporate devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires installation of a malicious app. No user interaction is needed for exploitation once the app is installed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android 12L security updates from March 2022 or later

Vendor Advisory: https://source.android.com/security/bulletin/android-12l

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the latest security update.
3. Restart the device.

🔧 Temporary Workarounds

Restrict app installations (Android)

Only allow installation of apps from trusted sources such as the Google Play Store.

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Implement mobile device management (MDM) to control app installations
  • Use Android Enterprise with work profiles to isolate corporate apps

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. If it shows Android 12L and the security patch level is before March 2022, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android version is 12L with a security patch level of March 2022 or later in Settings > About phone > Android version.
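The version check above, scripted as an added example (not part of the advisory). It reads the build properties over adb and classifies the device against the affected range; it keys on ro.build.version.sdk rather than ro.build.version.release because Android 12L reports API level 32 (Build.VERSION_CODES.S_V2) while its release string is the same "12" as plain Android 12. The adb wrapper assumes a single authorized device is connected.

```shell
#!/bin/sh
# Added example: classify a build against the affected range for
# CVE-2021-39743 (Android 12L, security patch level before March 2022).
# SDK levels: Android 12 = 31, Android 12L = 32, Android 13 = 33.

# is_vulnerable SDK PATCH
#   SDK   - value of ro.build.version.sdk
#   PATCH - value of ro.build.version.security_patch (YYYY-MM-DD)
# Returns 0 if in the affected range, 1 if not affected,
# 2 if the patch level cannot be parsed.
is_vulnerable() {
    sdk="$1"
    patch="$2"
    [ "$sdk" = "32" ] || return 1        # not Android 12L: not affected
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;                    # unknown format: cannot decide
    esac
    # ISO dates compare numerically once the dashes are removed.
    patch_num=$(printf '%s' "$patch" | sed 's/-//g')
    [ "$patch_num" -lt 20220301 ]
}

# check_device: query the connected device over adb and print a verdict.
# Assumes one device is connected and authorized (constructed helper).
check_device() {
    sdk=$(adb shell getprop ro.build.version.sdk | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    rc=0
    is_vulnerable "$sdk" "$patch" || rc=$?
    case "$rc" in
        0) echo "VULNERABLE: SDK $sdk, patch level $patch is before 2022-03-01" ;;
        1) echo "NOT AFFECTED: SDK $sdk, patch level $patch" ;;
        *) echo "UNKNOWN: could not parse patch level '$patch'" ;;
    esac
    return "$rc"
}

# Only talk to adb when a device is actually reachable, so the file can
# also be sourced for its functions on a host without a device.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    check_device
fi
```

The exit status of check_device mirrors is_vulnerable, so the script can be used directly in an MDM or CI compliance check.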

📡 Detection & Monitoring

Log Indicators:

  • PackageManager logs showing unauthorized package usage time updates
  • Security logs showing privilege escalation attempts

Network Indicators:

  • None - this is a local exploit

SIEM Query:

source="android_logs" AND "PackageManager" AND "lastUsageTime" AND "unauthorized"
