CVE-2024-43087
📋 TL;DR
This vulnerability in Android's AccessibilitySettings allows an attacker to hide an enabled accessibility service from the settings menu through a logic error. This could enable local privilege escalation without requiring additional execution privileges, though user interaction is needed. It affects Android devices with vulnerable versions of the Settings app.
💻 Affected Systems
- Android Settings application
📦 What is this software?
Android by Google
Android by Google
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker could hide a malicious accessibility service that gains persistent device access, potentially enabling keylogging, screen capture, or other invasive monitoring without user awareness.
Likely Case
Malicious apps could hide their accessibility service permissions from users, maintaining persistence and access to sensitive data after initial user consent.
If Mitigated
With proper app vetting and user awareness, the risk is reduced as exploitation requires user interaction to enable the accessibility service initially.
🎯 Exploit Status
Exploitation requires user interaction to enable the accessibility service initially, then the vulnerability allows hiding it from settings. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android November 2024 security patch or later
Vendor Advisory: https://source.android.com/security/bulletin/2024-11-01
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > System update. 2. Apply the November 2024 security patch or later. 3. Restart the device after installation.
🔧 Temporary Workarounds
Disable unnecessary accessibility services
androidReview and disable any accessibility services that are not essential to reduce attack surface
Restrict app installation sources
androidOnly install apps from trusted sources like Google Play Store to reduce risk of malicious apps
🧯 If You Can't Patch
- Monitor accessibility service settings regularly for any hidden or unexpected services
- Implement mobile device management (MDM) policies to restrict accessibility service permissions
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level in Settings > About phone > Android version. If patch level is earlier than November 2024, the device is likely vulnerable.Check Version:
Settings > About phone > Android version > Security patch levelVerify Fix Applied:
Verify the security patch level shows November 2024 or later after applying updates. Also check that accessibility services appear correctly in Settings > Accessibility.📡 Detection & Monitoring
Log Indicators:
- Unexpected accessibility service enabling/disabling events
- Settings app crashes or unusual behavior related to accessibility preferences
Network Indicators:
- No direct network indicators as this is a local privilege escalation
SIEM Query:
No standard SIEM query available as this is primarily a device-level vulnerability