CVE-2022-47027

9.8 CRITICAL

📋 TL;DR

This vulnerability in Timmystudios Fast Typing Keyboard allows unauthorized apps to overwrite arbitrary files in the keyboard's internal storage via a directory traversal flaw, potentially leading to arbitrary code execution. It affects Android users who have installed version 1.275.1.162 of the keyboard app. The high CVSS score of 9.8 indicates critical severity with low attack complexity.

💻 Affected Systems

Products:
  • Timmystudios Fast Typing Keyboard
Versions: v1.275.1.162
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version mentioned; other versions may be unaffected. Requires Android platform with the vulnerable app installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise through arbitrary code execution, allowing attackers to steal sensitive data, install malware, or gain persistent access.

🟠 Likely Case

Local privilege escalation leading to data theft from the keyboard app and potentially other apps, or installation of malicious payloads.

🟢 If Mitigated

Limited impact if app sandboxing prevents escalation beyond keyboard permissions, though sensitive keyboard data could still be compromised.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a malicious app to be installed on the same device. The directory traversal vulnerability allows file overwrites that can lead to code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check Google Play Store for updates

Vendor Advisory: https://corporate.timmystudios.com/

Restart Required: Yes

Instructions:

1. Open Google Play Store.
2. Search for 'Fast Typing Keyboard'.
3. If an update is available, tap 'Update'.
4. Restart your device after updating.

🔧 Temporary Workarounds

Uninstall vulnerable keyboard

Remove the vulnerable keyboard app completely to eliminate the risk.

adb uninstall com.jb.gokeyboard.theme.timssfasttypingkeyboard

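Disable keyboard permissions

Revoke the keyboard app's permissions to limit potential damage. The pm revoke command takes one permission name per call and does not expand wildcards, so run it once for each granted runtime permission, replacing PERMISSION with that permission's full name.

adb shell pm revoke com.jb.gokeyboard.theme.timssfasttypingkeyboard PERMISSION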

🧯 If You Can't Patch

  • Use a different keyboard app and uninstall the vulnerable one
  • Enable Google Play Protect and keep device security settings updated

🔍 How to Verify

Check if Vulnerable:

Check app version in Settings > Apps > Fast Typing Keyboard > App info. If version is 1.275.1.162, you are vulnerable.

Check Version:

adb shell dumpsys package com.jb.gokeyboard.theme.timssfasttypingkeyboard | grep versionName

Verify Fix Applied:

After updating, verify the version is no longer 1.275.1.162. Check Google Play Store for 'Updated' status.
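The version check above, wrapped for use across several attached devices. This is an added example, not tooling from the vendor or the original advisory; the function names and the sample dumpsys text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a device from `dumpsys package` output.
PKG="com.jb.gokeyboard.theme.timssfasttypingkeyboard"
VULN="1.275.1.162"

# Reads `dumpsys package $PKG` text on stdin and prints one of:
#   not-installed | vulnerable | other:<version[,version...]>
classify_dumpsys() {
    # A package can report more than one versionName line, so collect all
    # of them. Strip carriage returns that some adb versions emit.
    versions=$(sed -n 's/^[[:space:]]*versionName=\(.*\)$/\1/p' | tr -d '\r' | sort -u)
    if [ -z "$versions" ]; then
        # No versionName line at all: the package is not present.
        echo "not-installed"
        return 0
    fi
    if printf '%s\n' "$versions" | grep -Fxq "$VULN"; then
        echo "vulnerable"
    else
        echo "other:$(printf '%s' "$versions" | tr '\n' ',')"
    fi
}

# Runs the check against one attached device; $1 is a serial from `adb devices`.
check_device() {
    adb -s "$1" shell dumpsys package "$PKG" 2>/dev/null | classify_dumpsys
}

# Constructed sample of the relevant dumpsys lines (not captured from a device).
SAMPLE_VULN='Packages:
  Package [com.jb.gokeyboard.theme.timssfasttypingkeyboard] (constructed):
    versionName=1.275.1.162'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_VULN" | classify_dumpsys
```

A result of other:<version> only confirms that the installed build is not 1.275.1.162; the advisory does not name a fixed version.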

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in keyboard app storage
  • Permission escalation attempts from keyboard context

Network Indicators:

  • Unexpected network connections originating from keyboard process

SIEM Query:

process_name:"com.jb.gokeyboard.theme.timssfasttypingkeyboard" AND (event_type:"file_write" OR event_type:"permission_escalation")
