CVE-2019-15360 : What You Need to Know

The Hisense U965 Android device is affected by a vulnerability that allows unauthorized modification of system properties through a pre-installed app.

Understanding CVE-2019-15360

This CVE involves a specific build fingerprint on the Hisense U965 Android device and a pre-installed app that enables unauthorized system property alterations.

What is CVE-2019-15360?

The vulnerability in the Hisense U965 Android device allows any co-located app to modify system properties without proper authorization.

The Impact of CVE-2019-15360

The vulnerability poses a risk of unauthorized access and potential misuse of system resources on the affected device.

Technical Details of CVE-2019-15360

The technical aspects of the CVE-2019-15360 vulnerability are as follows:

Vulnerability Description

The Hisense U965 Android device with a specific build fingerprint contains a pre-installed app that permits unauthorized modification of system properties.

Affected Systems and Versions

Product: Hisense U965 Android device
Vendor: Hisense
Versions:
Build fingerprint: Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys
Pre-installed app: com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0)

Exploitation Mechanism

The vulnerability allows any app on the same device to alter system properties using an exported interface without proper authorization.

Mitigation and Prevention

To address CVE-2019-15360, consider the following steps:

Immediate Steps to Take

Monitor app permissions and restrict unnecessary access.
Regularly update the device's firmware and security patches.

Long-Term Security Practices

Implement app whitelisting to control app installations.
Conduct regular security audits and penetration testing.

Patching and Updates

Apply security updates provided by the device manufacturer.