Commit
LatinIME: Fix Implicit PendingIntent Vulnerability
* checkTimeAndMaybeSetupUpdateAlarm method created an Implicit PendingIntent vulnerability, which may cause security threats in the form of denial-of-service, private data theft, and privilege escalation.
* PendingIntents are Intents delegated to another app to be delivered at some future time. Creating an implicit intent wrapped under a PendingIntent is a security vulnerability that might lead to denial-of-service, private data theft, and privilege escalation.
* We've used FLAG_IMMUTABLE (added in SDK 23) to create PendingIntents for SDK > 23. This prevents apps that receive the PendingIntent from filling in unpopulated properties & ensures that PendingIntent is only delivered to trusted components.

Test: m
Google: 3019664
Change-Id: I68a1f3f2d81138e42092cc201d36e5d29853a86e
Signed-off-by: techyminati <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Pranav Temkar <[email protected]>
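The pattern the commit message describes, as an added example that is not the LatinIME code or part of the commit: a mutable PendingIntent over an implicit Intent next to a hardened form. The class name, method names and action string are hypothetical, and pinning the Intent to the app's own package is an assumption of this example rather than something the commit message states.

```java
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Build;

/** Added illustration; class, method and action names are hypothetical. */
public final class UpdateAlarmExample {
    // Hypothetical action string, not taken from LatinIME.
    private static final String ACTION_UPDATE = "com.example.dictionary.UPDATE_NOW";

    /** Before: implicit base Intent wrapped in a mutable PendingIntent. */
    static PendingIntent buildWeak(Context context) {
        // No package or component is set, so the base Intent is implicit, and
        // without FLAG_IMMUTABLE the holder may fill in unpopulated properties.
        Intent intent = new Intent(ACTION_UPDATE);
        return PendingIntent.getBroadcast(context, 0, intent,
                PendingIntent.FLAG_CANCEL_CURRENT);
    }

    /** After: immutable where the platform supports it, pinned to our own package. */
    static PendingIntent buildHardened(Context context) {
        Intent intent = new Intent(ACTION_UPDATE);
        // Assumption of this example: restrict delivery to receivers in this app.
        intent.setPackage(context.getPackageName());
        int flags = PendingIntent.FLAG_CANCEL_CURRENT;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            // FLAG_IMMUTABLE was added in API 23; older releases do not know it.
            flags |= PendingIntent.FLAG_IMMUTABLE;
        }
        return PendingIntent.getBroadcast(context, 0, intent, flags);
    }

    /** Hands the hardened PendingIntent to AlarmManager for later delivery. */
    static void scheduleUpdate(Context context, long triggerAtMillis) {
        AlarmManager am = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
        if (am != null) {
            am.set(AlarmManager.RTC, triggerAtMillis, buildHardened(context));
        }
    }
}
```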