CVE-2023-27191

7.5 HIGH

📋 TL;DR

This vulnerability in DUALSPACE Super Security v2.3.7 allows attackers to cause denial of service by manipulating SharedPreference files. It affects Android users who have this specific security app installed. The vulnerability can render the app unusable.

💻 Affected Systems

Products:
  • DUALSPACE Super Security (Super Security - Virus Cleaner)
Versions: v2.3.7
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version 2.3.7 of this Android security application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for the Super Security app, preventing users from accessing security features and potentially leaving devices unprotected.

🟠 Likely Case

App crashes or becomes unresponsive, requiring reinstallation to restore functionality.

🟢 If Mitigated

Minimal impact if app is not critical to device operation or if alternative security solutions are available.

🌐 Internet-Facing: LOW - This is a local Android app vulnerability requiring physical or app-level access.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps on the same device or through social engineering.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires app-level access to manipulate SharedPreference files, which can be achieved by malicious apps or through user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

1. Uninstall DUALSPACE Super Security v2.3.7
2. Check for updated version on Google Play Store or official website
3. Install latest version if available

🔧 Temporary Workarounds

Uninstall vulnerable version

Remove the vulnerable app version to eliminate the attack surface

adb uninstall com.ludashi.security

Restrict app permissions

Limit app permissions to reduce attack surface

🧯 If You Can't Patch

  • Use alternative security applications
  • Monitor for unusual app behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > Super Security - Virus Cleaner > App info

Check Version:

adb shell dumpsys package com.ludashi.security | grep versionName

Verify Fix Applied:

Verify app version is no longer 2.3.7 after update or reinstallation
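
The version check above can be scripted when several devices need to be triaged. The following is an added example, not part of the original advisory or the vendor's tooling; the function name `classify_dumpsys` and its output labels are assumptions made for illustration. It reads `dumpsys package` output on stdin so it can be run on saved output as well as on a live device.

```shell
#!/bin/sh
# Added example: classify a device from `dumpsys package` output.
# Package name and affected version are the ones given on this page.
PKG="com.ludashi.security"
VULN_VERSION="2.3.7"

# Reads `dumpsys package <pkg>` text on stdin and prints one of:
#   VULNERABLE <version> | OK <version> | NOT_INSTALLED
# (these labels are hypothetical, chosen for this example)
classify_dumpsys() {
    # dumpsys may print more than one versionName line; collect them all.
    # adb shell output can carry CR line endings, so strip them.
    versions=$(sed -n 's/^[[:space:]]*versionName=\(.*\)$/\1/p' | tr -d '\r')

    # No versionName line at all means the package is not present.
    if [ -z "$versions" ]; then
        echo "NOT_INSTALLED"
        return 0
    fi

    for v in $versions; do
        # Accept both "2.3.7" and a "v2.3.7" spelling.
        if [ "${v#v}" = "$VULN_VERSION" ]; then
            echo "VULNERABLE $v"
            return 0
        fi
    done

    echo "OK $(echo "$versions" | head -n 1)"
}

# Usage against a connected device (requires adb):
#   adb shell dumpsys package "$PKG" | classify_dumpsys
```
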

📡 Detection & Monitoring

Log Indicators:

  • App crash logs related to SharedPreference access
  • Permission denial errors for com.ludashi.security

Network Indicators:

  • No network indicators - local vulnerability

SIEM Query:

No SIEM query applicable - local Android app vulnerability
