CVE-2024-24482

9.8 CRITICAL

📋 TL;DR

CVE-2024-24482 is a path traversal vulnerability in Apktool on Windows that allows attackers to write files outside intended directories using '../' sequences. This affects Windows users running Apktool versions before 2.9.3 for Android APK analysis and modification.

💻 Affected Systems

Products:
  • Apktool
Versions: All versions before 2.9.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations; Linux/macOS versions are not vulnerable. Requires processing of malicious APK files.

📦 What is this software?

Apktool is a command-line tool for Android APK analysis and modification: it decodes an APK's resources to disk and rebuilds the package after edits.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary file write leading to system compromise, malware installation, or data destruction through overwriting critical system files.

🟠 Likely Case

Local privilege escalation, arbitrary file creation/modification in user-writable directories, or persistence mechanisms.

🟢 If Mitigated

Limited to user context file operations if proper file permissions and sandboxing are enforced.

🌐 Internet-Facing: LOW - Apktool is typically used locally for APK analysis, not as an internet-facing service.
🏢 Internal Only: MEDIUM - Risk exists when processing untrusted APK files from external sources within internal environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to process a malicious APK file. Path traversal payloads in APK resources can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.3

Vendor Advisory: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-vgwr-4w3p-xmjv

Restart Required: No

Instructions:

1. Download Apktool 2.9.3 or later from official GitHub releases.
2. Replace existing apktool.jar with new version.
3. Verify installation with 'java -jar apktool.jar --version'.

🔧 Temporary Workarounds

Use Linux/macOS (applies to: all)

Run Apktool on non-Windows platforms where the vulnerability does not exist

Restrict APK Sources (applies to: all)

Only process APK files from trusted sources

🧯 If You Can't Patch

  • Run Apktool in a sandboxed/isolated environment with limited file system access
  • Implement strict file permission controls to limit write access to non-critical directories
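An added example (not part of this advisory or the Apktool project) of the kind of pre-check a defender can run before an unpatched Windows install processes an untrusted APK. An APK is a ZIP container, so the script opens it with Python's standard zipfile module and flags any member name that would escape the output directory: a '..' component under either separator (a backslash is a directory separator on Windows), an absolute path, a drive-letter prefix, or an embedded NUL byte. The helper names and the sample archive are constructed for illustration; the check is deliberately stricter than path normalisation and rejects any '..' component even where it would normalise away.

```python
import io
import zipfile


def unsafe_entry_reasons(name):
    """Return the reasons an archive member name is unsafe to extract,
    or an empty list if it is safe. Constructed helper for this example."""
    reasons = []
    # Treat backslash as a separator too: on Windows both forms are honoured.
    normalized = name.replace("\\", "/")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if ".." in parts:
        # Strict rule: any '..' component is rejected, even 'a/../b'.
        reasons.append("contains a '..' component")
    if normalized.startswith("/"):
        reasons.append("absolute path")
    # 'C:...' style prefixes are a Windows-specific way to escape the output root.
    if len(normalized) >= 2 and normalized[1] == ":" and normalized[0].isalpha():
        reasons.append("drive-letter prefix")
    if "\x00" in name:
        reasons.append("embedded NUL byte")
    return reasons


def find_unsafe_entries(apk_bytes):
    """Scan every member of an APK (ZIP) and return {name: [reasons]}
    for members that would be written outside the output directory."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            reasons = unsafe_entry_reasons(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_apk():
    """Constructed sample archive: one benign resource plus traversal-style
    names. Not derived from any real malicious APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("res/values/strings.xml", "<resources/>")
        zf.writestr("res/../../evil.txt", "x")
        zf.writestr("res\\..\\..\\evil2.txt", "x")
        zf.writestr("C:\\Windows\\evil3.txt", "x")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in find_unsafe_entries(build_sample_apk()).items():
        print(f"REJECT {name!r}: {', '.join(reasons)}")
```

Run it against a real file with `find_unsafe_entries(open("sample.apk", "rb").read())`; an empty result means no member name escapes the output directory, so the archive can be passed on to Apktool (or any other extractor) with that particular risk ruled out. The check inspects only member names, so it belongs alongside the sandboxing and permission controls listed above rather than replacing them.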

🔍 How to Verify

Check if Vulnerable:

Check Apktool version with 'java -jar apktool.jar --version'. If version is below 2.9.3 and running on Windows, system is vulnerable.

Check Version:

java -jar apktool.jar --version

Verify Fix Applied:

After updating, run 'java -jar apktool.jar --version' to confirm version 2.9.3 or higher.
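An added example (not from this advisory or the Apktool project) that automates the version check above. It parses the output of `java -jar apktool.jar --version`, compares it numerically against 2.9.3 so that 2.10.0 is correctly treated as newer than 2.9.3 (a plain string comparison would get that wrong), and applies the advisory's platform condition, since only Windows hosts are affected. The function names and the sample version strings are constructed; `check_installed` assumes `java` and the jar are on the machine it runs on.

```python
import platform
import re
import subprocess

# First version in which this vulnerability is fixed, per the advisory.
FIXED_VERSION = (2, 9, 3)


def parse_version(output):
    """Extract the leading numeric version from `apktool --version` output,
    e.g. '2.9.2' or '2.9.3-dirty' -> (2, 9, 3). Returns None if none found."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_output, os_name):
    """True when the installed build is below 2.9.3 and the host is Windows,
    which is exactly the affected condition described in this advisory."""
    version = parse_version(version_output)
    if version is None:
        raise ValueError(f"could not parse a version from {version_output!r}")
    return os_name.lower().startswith("win") and version < FIXED_VERSION


def check_installed(jar_path="apktool.jar"):
    """Run the advisory's version command and evaluate it for this host.
    Assumes java and apktool.jar are available (constructed helper)."""
    out = subprocess.run(
        ["java", "-jar", jar_path, "--version"],
        capture_output=True, text=True, check=True,
    ).stdout
    return is_vulnerable(out, platform.system())


if __name__ == "__main__":
    print("vulnerable" if check_installed() else "not vulnerable")
```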

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside expected directories
  • Apktool processing errors with path traversal patterns

Network Indicators:

  • Downloads of APK files from untrusted sources followed by Apktool execution

SIEM Query:

Process execution: 'java' with command line containing 'apktool' AND File creation/modification with paths containing '../' sequences
