CVE-2018-9469

In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt