path: root/java/src/com/android/inputmethod/latin/utils/TargetPackageInfoGetterTask.java
author: techyminati <sinha.aryan03@gmail.com> 2024-03-30 19:16:09 +0530
committer: TechyMinati <sinha.aryan03@gmail.com> 2024-06-19 15:26:51 +0000
commit: 8064a47f09e2959e26a0ede59ecc08e5754b6e51
tree: d303f5551fe79ef39e21eb45102c470379b0af91 /java/src/com/android/inputmethod/latin/utils/TargetPackageInfoGetterTask.java
parent: 974aaeb80e6dd5df6717865bbe85376e00921c85
LatinIME: Fix Implicit PendingIntent Vulnerability

* checkTimeAndMaybeSetupUpdateAlarm method created an Implicit PendingIntent vulnerability, which may cause security threats in the form of denial-of-service, private data theft, and privilege escalation.
* PendingIntents are Intents delegated to another app to be delivered at some future time. Creating an implicit intent wrapped under a PendingIntent is a security vulnerability that might lead to denial-of-service, private data theft, and privilege escalation.
* We've used FLAG_IMMUTABLE (added in SDK 23) to create PendingIntents for SDK > 23. This prevents apps that receive the PendingIntent from filling in unpopulated properties & ensures that PendingIntent is only delivered to trusted components.

Test: m
Change-Id: I68a1f3f2d81138e42092cc201d36e5d29853a86e
Signed-off-by: techyminati <sinha.aryan03@gmail.com>

Diffstat (limited to 'java/src/com/android/inputmethod/latin/utils/TargetPackageInfoGetterTask.java')
0 files changed, 0 insertions, 0 deletions
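
The pattern the commit message describes, as an added example that is not the LatinIME change itself (this page shows no diff hunks): the weak form wraps an implicit Intent in a PendingIntent without FLAG_IMMUTABLE, the hardened form sets FLAG_IMMUTABLE where the platform has it. The class name, method names and action string are hypothetical, and pinning the Intent to the app's own package with setPackage is an assumption of this example, not something the commit message states.

```java
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Build;

/** Hypothetical helper for illustration; not part of LatinIME. */
public final class UpdateAlarmIntents {
    // Hypothetical action string, used only in this example.
    private static final String ACTION_UPDATE_NOW = "com.example.ime.UPDATE_NOW";

    private UpdateAlarmIntents() {}

    /**
     * Weak form: the Intent names no package or component (implicit) and the
     * PendingIntent carries no FLAG_IMMUTABLE, so the app that receives it can
     * fill in the unset fields before it is sent with this app's identity.
     */
    static PendingIntent implicitMutable(final Context context) {
        final Intent intent = new Intent(ACTION_UPDATE_NOW);
        return PendingIntent.getBroadcast(context, 0, intent,
                PendingIntent.FLAG_CANCEL_CURRENT);
    }

    /**
     * Hardened form: the Intent is restricted to this app's own package, and
     * FLAG_IMMUTABLE stops the receiver from altering the wrapped Intent.
     */
    static PendingIntent explicitImmutable(final Context context) {
        final Intent intent = new Intent(ACTION_UPDATE_NOW)
                .setPackage(context.getPackageName()); // only our own receivers match
        int flags = PendingIntent.FLAG_CANCEL_CURRENT;
        // FLAG_IMMUTABLE was added in API 23 (M); older releases do not define it.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            flags |= PendingIntent.FLAG_IMMUTABLE;
        }
        return PendingIntent.getBroadcast(context, 0, intent, flags);
    }
}
```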