Login Sign Up

CVE-2024-49724

7.0 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass Android permission checks through a race condition in AccountManagerService, enabling unauthorized access to protected activities. It requires user interaction but no additional privileges, affecting Android devices with vulnerable versions. Local attackers could escalate privileges on compromised devices.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to January 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable Android versions; requires malicious app installation or physical access

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing unauthorized access to sensitive account data and protected system activities

🟠

Likely Case

Limited privilege escalation allowing access to specific protected activities without proper authorization

🟢

If Mitigated

No impact if patched or proper application sandboxing prevents exploitation

🌐 Internet-Facing: LOW - Requires local access and user interaction
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with physical access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires race condition exploitation and user interaction; no public exploit details available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January 2025 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-01-01

Restart Required: No

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install January 2025 security patch or later. 3. Verify patch installation in Settings > About phone > Android security patch level.

🔧 Temporary Workarounds

Restrict app installations

Android

Prevent installation of untrusted applications from unknown sources

Settings > Security > Unknown sources (disable)

🧯 If You Can't Patch

  • Implement mobile device management (MDM) with strict app whitelisting
  • Monitor for suspicious app behavior and account access attempts

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If before January 2025, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Confirm Android security patch level shows January 2025 or later date

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid AccountManagerService permission checks
  • Unauthorized activity launches from unprivileged contexts

Network Indicators:

  • None - local vulnerability only

SIEM Query:

android_logs:AccountManagerService AND (permission_denied OR activity_launch) WITHIN 1s

📊 Metadata

CVE ID: CVE-2024-49724
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-276
EPSS Score: 0.01% exploit probability (0.3th percentile)
Published: January 21, 2025
Last Updated: April 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-49724, you might also want to check these:

CVE-2025-40585 9.9

Energy Services solutions using G5DFR contain default credentials, allowing attackers to gain contro...

Same vulnerability type (CWE-276)
CVE-2023-47462 9.8

This vulnerability allows remote attackers to execute arbitrary code on GL.iNet AX1800 routers by ex...

Same vulnerability type (CWE-276)
CVE-2022-41572 9.8

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) where nmap can be exec...

Same vulnerability type (CWE-276)