CVE-2024-31310
📋 TL;DR
This vulnerability in Android's AutofillManagerServiceImpl allows a malicious app to hide an enabled Autofill service from the system settings through improper input validation. This could enable local privilege escalation without requiring additional execution privileges, though user interaction is needed for exploitation. All Android devices running vulnerable versions are affected.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker could hide a malicious Autofill service, potentially capturing sensitive user data like passwords and credit card information without the user's knowledge, leading to data theft and further system compromise.
Likely Case
A malicious app could hide itself from Autofill service settings, making it harder for users to detect and disable, potentially leading to credential harvesting from other apps.
If Mitigated
With proper security controls and user awareness, the impact is limited as exploitation requires user interaction and the vulnerability only affects Autofill service visibility.
🎯 Exploit Status
Exploitation requires user interaction (such as installing a malicious app) and knowledge of the vulnerability. No public proof-of-concept has been disclosed as of the bulletin date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android security patch level June 2024 or later
Vendor Advisory: https://source.android.com/security/bulletin/2024-06-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > System update. 2. Install the June 2024 Android security patch or later. 3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable Autofill services
androidTemporarily disable all Autofill services to prevent potential exploitation.
Navigate to Settings > System > Languages & input > Advanced > Autofill service > None
Review installed apps
androidRegularly review and uninstall unfamiliar or suspicious apps that request Autofill permissions.
Navigate to Settings > Apps & notifications > See all apps
🧯 If You Can't Patch
- Disable Autofill services entirely in device settings to eliminate the attack surface.
- Implement strict app installation policies, allowing only trusted sources and reviewing app permissions carefully.
🔍 How to Verify
Check if Vulnerable:
Check the Android security patch level in Settings > About phone > Android version. If the patch level is before June 2024, the device is vulnerable.Check Version:
Settings > About phone > Android version (no command-line access required for typical users)Verify Fix Applied:
Verify the security patch level is June 2024 or later in Settings > About phone > Android version.📡 Detection & Monitoring
Log Indicators:
- Unusual Autofill service activity or modifications in system logs, but specific indicators are not detailed in the bulletin.
Network Indicators:
- None - this is a local vulnerability with no network exploitation.
SIEM Query:
Not applicable as this is a local Android vulnerability without standard SIEM logging for mobile devices.🔗 References
- https://android.googlesource.com/platform/frameworks/base/+/74afbb05ca08738f66d82df867bbee66de4884bc
- https://source.android.com/security/bulletin/2024-06-01
- https://android.googlesource.com/platform/frameworks/base/+/74afbb05ca08738f66d82df867bbee66de4884bc
- https://source.android.com/security/bulletin/2024-06-01
