Affected configuration(s):


Date published: 2017-07-07T13:29:00.200-04:00

Date last modified: 2017-07-13T08:35:06.007-04:00

CVSS Score: 6.9

Principal attack vector: LOCAL

Complexity:  MEDIUM

Reference URL:

Summary: Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running “pm install” with the target apk, and simultaneously running a crafted script to process logcat’s output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.