CVE-2024-21633

7.8 HIGH

📋 TL;DR

CVE-2024-21633 is a path traversal vulnerability in Apktool. When decoding an APK, Apktool derives the output path of each resource file from its resource name, and that name is controlled by whoever built the APK. A crafted APK can therefore make Apktool write files outside the output directory, anywhere the invoking user can write. It affects anyone who decodes untrusted APKs with Apktool 2.9.1 or earlier; the traversal is relative to the output directory, so attacks are most reliable where the attacker can predict the victim's home directory or current working directory.

💻 Affected Systems

Products:
  • Apktool
Versions: 2.9.1 and prior
Operating Systems: All platforms where Apktool runs (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires processing malicious APK files. Risk increases when Apktool runs with elevated privileges or processes untrusted input.

📦 What is this software?

Apktool is an open-source tool for reverse engineering Android application packages (APKs). It decodes an APK's compiled resources (resources.arsc, binary XML) and dex code into a near-original, editable project tree, and rebuilds modified projects back into an APK. It is widely used in malware analysis, mobile app security testing and app modding, which means it routinely processes files from untrusted sources.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary file write as the user running Apktool, which becomes code execution when the attacker drops a file the system will later run (a shell startup file, a cron entry, a script in a CI workspace), privilege escalation when Apktool is run as root or a service account, and destruction of data when existing files are overwritten.

🟠

Likely Case

Local file system manipulation, overwriting configuration files, planting backdoors, or corrupting user data.

🟢

If Mitigated

Limited to writing files only within controlled directories with proper permissions and input validation.

🌐 Internet-Facing: LOW - Apktool is typically used locally or in controlled environments, not directly internet-facing.
🏢 Internal Only: MEDIUM - Risk exists when processing untrusted APK files in development, security testing, or analysis environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting an APK whose resource table names a resource file with a path containing traversal sequences such as ../. No authentication is involved, but a victim must decode the file with apktool d; the traversal is then resolved relative to the output directory. The advisory describes the mechanism in enough detail to reproduce it.
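The mechanism and the shape of the fix, as an added runnable model. This is not Apktool's Java code: the resource names are constructed for illustration, and the two path functions stand in for the unchecked join that versions up to 2.9.1 performed and the containment check a fixed decoder needs.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Constructed resource entries modelled on what a decoder reads from an APK's
# resource table: the file path is attacker-controlled. These names are
# assumptions for illustration, not taken from a real sample.
SAMPLE_RESOURCES = {
    "res/drawable/icon.png": b"\x89PNG\r\n\x1a\n",
    "res/../../escaped.txt": b"landed one level above the output dir",
    "res/layout/../../../etc/evil.xml": b"<x/>",
}


def vulnerable_output_path(out_dir: str, res_name: str) -> str:
    """Model of the pre-2.9.2 behaviour: the resource path is trusted and simply
    joined onto the output directory. Note that os.path.join also discards
    out_dir entirely when res_name is absolute."""
    return os.path.normpath(os.path.join(out_dir, res_name))


def is_inside(out_dir: str, path: str) -> bool:
    """True when `path`, fully resolved, is out_dir itself or lies beneath it."""
    base = Path(out_dir).resolve()
    target = Path(path).resolve()
    return target == base or base in target.parents


def safe_output_path(out_dir: str, res_name: str) -> str:
    """Hardened variant: resolve the candidate and refuse anything that escapes
    out_dir, instead of trying to strip '..' out of the name (which is easy to
    get wrong with mixed separators, absolute paths or symlinks)."""
    candidate = os.path.join(out_dir, res_name)
    if not is_inside(out_dir, candidate):
        raise ValueError(f"resource name escapes output directory: {res_name!r}")
    return os.path.normpath(candidate)


def escapes_output_dir(out_dir: str, res_name: str) -> bool:
    """Would the unchecked join place this resource outside out_dir?"""
    return not is_inside(out_dir, vulnerable_output_path(out_dir, res_name))


def decode_demo(hardened: bool) -> dict:
    """Write SAMPLE_RESOURCES into a fresh temporary output directory and report,
    per resource, 'inside', 'OUTSIDE' (written, but not under out_dir) or
    'rejected'. The whole temporary tree is removed afterwards, so the
    vulnerable run cannot touch anything real on this machine."""
    root = tempfile.mkdtemp(prefix="cve-2024-21633-")
    out_dir = os.path.join(root, "decoded")
    report = {}
    try:
        for name, data in SAMPLE_RESOURCES.items():
            try:
                resolver = safe_output_path if hardened else vulnerable_output_path
                path = resolver(out_dir, name)
            except ValueError:
                report[name] = "rejected"
                continue
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            report[name] = "inside" if is_inside(out_dir, path) else "OUTSIDE"
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return report


if __name__ == "__main__":
    print("vulnerable:", decode_demo(hardened=False))
    print("hardened:  ", decode_demo(hardened=True))
```

The vulnerable run shows two of the three constructed resources landing above the output directory; the hardened run rejects both while still writing the legitimate icon. Rejecting on the resolved path, rather than sanitising the name, is the property to look for in any decoder that builds file names from untrusted archive metadata.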

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.2 (the first release containing fix commit d348c43b24a9de350ff6e5bd610545a10c1fc712)

Vendor Advisory: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w

Restart Required: No

Instructions:

1. Update Apktool to version 2.9.2 or later, the first release that contains the fix commit.
2. Download the release JAR from the official GitHub releases page, or update through the package manager that installed it.
3. Replace the existing Apktool JAR (and the apktool wrapper script, if you use one) with the patched version.
4. Confirm with java -jar apktool.jar --version that the copy you actually invoke is the new one; a stale JAR earlier on PATH, or one baked into a CI image or analysis VM, remains vulnerable.

🔧 Temporary Workarounds

Run Apktool in an isolated container

Platforms: all

Execute Apktool inside Docker or a similar container with no network and restricted filesystem access. Mount the JAR and the APK read-only, mount an empty, dedicated output directory, and point the framework directory (-p) into the container so that nothing else is written to the host:

docker run --rm --network none --user 1000:1000 \
  -v "$PWD/in:/in:ro" -v "$PWD/out:/out" -w /out \
  openjdk:11 java -jar /in/apktool.jar d -p /tmp/framework -o /out/decoded /in/untrusted.apk

The traversal is still possible inside the container: anything written outside /out/decoded but inside the container filesystem is discarded with --rm, while anything that lands elsewhere under /out reaches the host. Keep out empty and writable by the container uid, inspect it before using its contents, and never mount your home directory or working tree.

Use a dedicated low-privilege user

Platforms: linux

Run Apktool under a non-privileged account that owns nothing except its working directory and has no write access elsewhere; -H makes the framework directory land in that user's home rather than yours:

sudo -u apktooluser -H java -jar /opt/apktool/apktool.jar d -o /home/apktooluser/work/decoded /home/apktooluser/work/untrusted.apk

A malicious APK can still write anywhere apktooluser can, so treat that account's home directory as disposable and check it after each decode.

🧯 If You Can't Patch

  • Only process APK files from trusted sources with verified integrity
  • Run Apktool in sandboxed environments with restricted filesystem access

🔍 How to Verify

Check if Vulnerable:

Check the Apktool version with java -jar apktool.jar --version (or apktool --version if you use the wrapper script). If the numeric part is 2.9.1 or earlier you are vulnerable; a locally built JAR may print a suffix such as -dirty after the number, so compare only the numeric part. Check every copy that can be invoked, including those bundled in CI images and analysis VMs.

Check Version:

java -jar apktool.jar --version

Verify Fix Applied:

After updating, java -jar apktool.jar --version must report 2.9.2 or later. To confirm the fix behaves as expected, decode a test APK whose resource table contains a traversal path (build or obtain one only inside an isolated environment) into a fresh directory given with -o, and check that nothing was written outside that directory.
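The version check above, as an added example (not part of the page or of Apktool): it parses whatever apktool --version prints, tolerates a missing patch number and build suffixes such as -dirty, and compares against 2.9.2. The installed_version helper runs the real JAR and therefore needs Java on PATH; the default JAR path is an assumption.

```python
import re
import subprocess

# First release containing the fix for CVE-2024-21633.
FIXED_VERSION = (2, 9, 2)

# Matches "2.9.1", "2.9", "2.9.2-dirty"; suffixes after the numbers are ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str):
    """Extract (major, minor, patch) from `apktool --version` output.
    A missing patch component counts as 0. Returns None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version_text: str) -> bool:
    """True when the reported version predates the fixed release."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"could not parse an Apktool version from {version_text!r}")
    return version < FIXED_VERSION


def installed_version(jar_path: str = "apktool.jar") -> str:
    """Run the real JAR and return its raw --version output (requires Java).
    stdout and stderr are joined so the check works whichever stream is used."""
    proc = subprocess.run(
        ["java", "-jar", jar_path, "--version"],
        capture_output=True, text=True, check=True,
    )
    return (proc.stdout + proc.stderr).strip()


if __name__ == "__main__":
    import sys
    jar = sys.argv[1] if len(sys.argv) > 1 else "apktool.jar"
    raw = installed_version(jar)
    state = "VULNERABLE (CVE-2024-21633)" if is_vulnerable(raw) else "patched"
    print(f"{jar}: reports {raw!r} -> {state}")
```

Run it once per JAR you can find (locate -name 'apktool*.jar' or the equivalent on your platform) rather than only against the copy on PATH.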

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside expected directories
  • Apktool process writing to system directories

Network Indicators:

  • N/A - Local vulnerability

SIEM Query:

ProcessCommandLine:*apktool*.jar* AND NOT FileCreate:<your analysis directory>/* AND NOT FileCreate:*/.local/share/apktool/framework/*

Replace <your analysis directory> with the directory your analysts decode into. Two caveats: the process is the JVM, so it appears as java rather than apktool unless it was launched through the apktool wrapper script, which is why the query matches on the command line; and file-creation telemetry normally records the already-resolved path, so a pattern looking for a literal .. in the path will miss the traversal. Apktool also legitimately writes framework files under its framework directory (on Linux ~/.local/share/apktool/framework by default), hence the second exclusion.
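The same logic applied to file-creation events, as an added example that is not from the page or from any SIEM product. The events are constructed to resemble what an EDR or auditd pipeline emits (process name, command line, resolved target path); the analyst's home directory and the framework-directory allowlist are assumptions to adapt to your environment.

```python
import shlex
from pathlib import PurePosixPath

# Constructed file-creation events, not real telemetry. The same apktool
# invocation writes one legitimate resource, one framework file, and one file
# in the analyst's home that no decode should ever produce.
APKTOOL_CMD = ("java -jar /opt/apktool/apktool.jar d "
               "-o /srv/analysis/case42/decoded /srv/analysis/case42/sample.apk")
SAMPLE_EVENTS = [
    {"proc": "java", "cmdline": APKTOOL_CMD,
     "path": "/srv/analysis/case42/decoded/res/drawable/icon.png"},
    {"proc": "java", "cmdline": APKTOOL_CMD,
     "path": "/home/analyst/.bashrc"},
    {"proc": "java", "cmdline": APKTOOL_CMD,
     "path": "/home/analyst/.local/share/apktool/framework/1.apk"},
    {"proc": "python3", "cmdline": "python3 report.py",
     "path": "/home/analyst/.bashrc"},
]

# Directories Apktool may legitimately write to besides the -o directory.
# Assumed framework location for this analyst; adjust per platform/user.
DEFAULT_ALLOWED_ROOTS = ("/home/analyst/.local/share/apktool",)


def is_apktool(event: dict) -> bool:
    """Match on the command line: the JVM shows up as 'java', not 'apktool',
    unless the wrapper script was used."""
    cmd = event["cmdline"]
    return event["proc"] == "apktool" or ("apktool" in cmd and ".jar" in cmd)


def expected_output_dir(cmdline: str):
    """Recover the -o/--output argument of an `apktool d` command line.
    Returns None when absent (apktool then writes to ./<apkname>/ in the cwd)."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg in ("-o", "--output") and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith("--output="):
            return arg.split("=", 1)[1]
    return None


def under(path: str, root: str) -> bool:
    """Lexical containment on already-resolved POSIX paths."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def flag_suspicious(events, allowed_roots=DEFAULT_ALLOWED_ROOTS) -> list:
    """Return the paths that an apktool process created outside both its
    declared output directory and the allowlisted directories."""
    flagged = []
    for event in events:
        if not is_apktool(event):
            continue
        roots = list(allowed_roots)
        out_dir = expected_output_dir(event["cmdline"])
        if out_dir:
            roots.append(out_dir)
        if not any(under(event["path"], root) for root in roots):
            flagged.append(event["path"])
    return flagged


if __name__ == "__main__":
    for path in flag_suspicious(SAMPLE_EVENTS):
        print("ALERT: apktool wrote outside its output directory:", path)
```

When -o is absent the output directory is relative to the process's working directory, which most telemetry records separately; join the two before calling under, or treat such invocations as always-review.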

🔗 References

  • https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w
  • https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712
  • https://nvd.nist.gov/vuln/detail/CVE-2024-21633
