CVE-2014-8609
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
| Software | From | Fixed in |
|---|---|---|
| google / android | 4.2 | 4.2.x |
| google / android | 4.1 | 4.1.x |
| google / android | 4.0.2 | 4.0.2.x |
| google / android | 4.4.3 | 4.4.3.x |
| google / android | 4.0.4 | 4.0.4.x |
| google / android | 4.3 | 4.3.x |
| google / android | 4.0.1 | 4.0.1.x |
| google / android | 4.2.1 | 4.2.1.x |
| google / android | 4.0.3 | 4.0.3.x |
| google / android | 4.0 | 4.0.x |
| google / android | 4.4 | 4.4.x |
| google / android | 4.4.1 | 4.4.1.x |
| google / android | - | 4.4.4.x |
| google / android | 4.2.2 | 4.2.2.x |
| google / android | 4.3.1 | 4.3.1.x |
| google / android | 4.4.2 | 4.4.2.x |
| google / android | 4.1.2 | 4.1.2.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime