Security experts from the Google Android team have discovered a high severity privilege escalation vulnerability in some of Honeywell Android-based handheld computers that could be exploited by an attacker to gain elevated privileges.
According to the vendor, Honeywell handheld computers combine the advantages of consumer PDAs and high-end industrial mobile computers into a single rugged package.
The rugged devices provide enhanced connectivity, including industry standard 802.11x, Cisco compatibility, and Bluetooth, they are widely adopted in many sectors, including energy, healthcare, critical manufacturing, and commercial facilities.
The US ICS-CERT published a security advisory to warn of the vulnerability that affects several models of Honeywell Android handheld computers, including CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series.
The affected devices run various Android version between 4.4 and 8.1.
“A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile computers running the Android Operating System (OS) could allow a malicious third-party application to gain elevated privileges.” reads the advisory published by the US ICS-CERT.
The flaw, tracked as CVE-2018-14825, received a CVSS v3 base score of 7.6).
Customers should whitelist trusted applications to avoid malicious apps accessing the devices with high privileges.
An attacker could exploit the flaw to gain elevated privileges and unauthorized access e to sensitive information such as passwords and confidential documents.
“A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges.” continues the advisory.
“This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.”
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Honeywell Android-based handheld computers, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.