| Título | Freedom Factory dGEN1 phone 1 Broken Authorization |
|---|
| Descripción | A broken authorization vulnerability exists in the Android launcher application org.ethosmobile.ethoslauncher on the Freedom Factory dGEN1 phone. An exported service relies on a caller-supplied intent value to identify trusted callers, allowing any local application to spoof authorization and perform privileged launcher modifications.
As a result, unauthorized applications can add, remove, or replace launcher “FakeApp” entries, potentially enabling phishing or user deception. |
|---|
| Fuente | ⚠️ https://gist.github.com/Lytes/a94219fa1de3f5173555d5a3e8058f01 |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2026-02-21 05:56 (hace 4 meses) |
|---|
| Moderación | 2026-03-06 21:53 (14 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 349555 [Freedom Factory dGEN1 hasta 20260221 org.ethosmobile.ethoslauncher FakeAppService escalada de privilegios] |
|---|
| Puntos | 20 |
|---|