Skip to content

Mobile phone and tablet security updates

CVE Vulnerability description Vulnerability affects
CVE-2026-0050 In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
CVE-2026-0024 In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
CVE-2026-0020 In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
CVE-2025-48618 In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
CVE-2025-48614 In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
CVE-2025-32348 In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
CVE-2025-48533 In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Successful exploitation of this vulnerability could lead to a breach of confidentiality.
```

Cart (0)

10% off for your first order. Use code NEW

You're $999.00 away from 15% off!

Your cart is currently empty!

You may like...
Add a note to your order
Add gift wrapping
[Pre-Sale]DOOGEE Anywise W1 AI Waterproof Sport Smartwatch doogee.com

Wrap as gifts the items in the cart for only only $125.99

Wishlist (0)

Countries