Information Disclosure via AEE extension to debuggerd
Description
Huawei is a company that provides networking and telecommunications equipment.
The AEE (Android Exception Enhancement) extension in the debuggerd daemon leaks sensitive information such as screenshots, the address space of any process, kernel and system logs, and other information about the current state of the system. A malicious Android application, or any other user on the device, could abuse this to disclose sensitive data or develop further attacks against the device itself.
Impact
Exploitation of this issue could allow any user to disclose sensitive information, which can then be used to develop further attacks or to steal confidential data such as screenshots or application logs.
Cause
Lack of privilege validation on the @com.mtk.aee.aed and @com.mtk.aee.aed_64 Unix sockets.
Solution
This vulnerability was resolved by Huawei in version TIT-L01C576B120. More information can be found on the Huawei web page: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170804-01-smartphone-en
Technical Details
Please refer to the attached advisory.