Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.
A brief description of the three flaws is as follows –
- CVE-2024-13915 (CVSS score: 6.9) – A pre-installed “com.pri.factorytest” application on Ulefone and Krüger&Matz smartphones exposes a “com.pri.factorytest.emmc.FactoryResetService” service that allows any installed application to perform a factory reset of the device.
- CVE-2024-13916 (CVSS score: 6.9) – A pre-installed “com.pri.applock” application on Kruger&Matz smartphones allows a user to encrypt any application using…