Likely ACE vulnerability when restoring backup #1049

Rudxain · 2024-12-16T11:52:41Z

Describe the bug
If a user restores an arbitrary backup, the backup file could run arbitrary adb shell commands on the Android device.

I originally discovered the vulnerability while refactoring UADNG.

See also Universal-Debloater-Alliance/universal-android-debloater-next-generation#760

Expected behavior
The backup file is supposed to declaratively specify the package states

You have a solution?
Check the cmds in the backup file, and only run each one if it changes the package state.

In the meantime, users should only restore backups they created. Never apply the ones from other users

The text was updated successfully, but these errors were encountered:

Rudxain added the bug Something isn't working label Dec 16, 2024

Rudxain changed the title ~~Likely RCE vulnerability~~ Likely RCE when restoring backup Dec 16, 2024

Rudxain mentioned this issue Dec 16, 2024

bug(backup): Likely ACE vulnerability when restoring backup Universal-Debloater-Alliance/universal-android-debloater-next-generation#760

Open

3 tasks

Rudxain changed the title ~~Likely RCE when restoring backup~~ Likely ACE when restoring backup Dec 31, 2024

Rudxain changed the title ~~Likely ACE when restoring backup~~ Likely ACE vulnerability when restoring backup Dec 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Likely ACE vulnerability when restoring backup #1049

Likely ACE vulnerability when restoring backup #1049

Rudxain commented Dec 16, 2024 •

edited

Loading

Likely ACE vulnerability when restoring backup #1049

Likely ACE vulnerability when restoring backup #1049

Comments

Rudxain commented Dec 16, 2024 • edited Loading

Rudxain commented Dec 16, 2024 •

edited

Loading