| Titel | Freedom Factory dGEN1 phone 1 Broken Authorization |
|---|
| Beschreibung | A broken authorization vulnerability exists in the Android launcher application org.ethosmobile.ethoslauncher on the Freedom Factory dGEN1 phone. An exported ContentProvider relies on a caller-supplied value to identify trusted callers, allowing any local application to spoof authorization and directly manipulate launcher entries.
As a result, unauthorized applications can view, add, modify, or remove launcher “FakeApp” entries, potentially enabling phishing and user deception. |
|---|
| Quelle | ⚠️ https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 21.02.2026 05:58 (vor 2 Monaten) |
|---|
| Moderieren | 06.03.2026 22:15 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 349570 [Freedom Factory dGEN1 bis 20260221 org.ethosmobile.ethoslauncher FakeAppProvider erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|