What is Application-Level Denial-of-Service (DoS) – App Crash Malformed Android Intents Vulnerability?

The Android system includes components such as Activities, Services, and Broadcast Receivers, together with an Intent mechanism that lets applications and their components interact and communicate. Within an application, an Intent specifies the action to perform, the data that action operates on, and any supplementary data (the extras). Based on the Intent's description, the Android system locates the matching component, delivers the Intent to it, and completes the component call.

The local denial-of-service vulnerability in an Android application is caused by the program's failure to validate the empty, unusual, or malformed data it retrieves through Intent.getXXXExtra(), which allows an attacker to deliver exactly such data to the target application. By sending an Intent whose extras are missing, empty, or malformed, the attacker causes the target application to crash.

This general-purpose local denial of service has the potential to crash a wide range of apps. The broad form of the vulnerability is primarily triggered by the attacker placing a custom serialized class object into the Intent. When the receiving component reads the Intent, the class definition of that serialized object cannot be found, and the program fails with an unknown-class exception. Local denial-of-service vulnerabilities can not only bypass or nullify the protection functions of security applications (anti-virus applications, security guards, anti-theft lock screens, and so on) but can also be used by a competitor's application to attack and crash the target application.
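The two failure modes described above (a missing or null extra dereferenced without a check, and a serialized object of a class the receiving app cannot resolve) can be seen side by side in the following Activity pair. This is an added example written for this page, not code from the page or from ZOFixer; the package name, the action string and the extra keys `user_id` and `payload` are constructed placeholders.

```java
package com.example.intentdos; // hypothetical package name, not from the page

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

/**
 * "Before": the extras are used without any validation (constructed example).
 * A caller that omits "user_id" crashes the Activity with a NullPointerException;
 * a caller that attaches a Serializable or Parcelable of a class this app does
 * not ship makes the unparcel step throw (BadParcelableException, or a
 * RuntimeException wrapping ClassNotFoundException), so onCreate() never finishes.
 */
public class VulnerableProfileActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        String userId = getIntent().getStringExtra("user_id");          // may be null
        int length = userId.length();                                   // NPE when missing
        Object payload = getIntent().getSerializableExtra("payload");   // may throw on unknown class
        Log.d("Profile", "user_id length=" + length + " payload=" + payload);
    }
}

/**
 * "After": every value carried by the Intent is treated as untrusted input.
 */
class HardenedProfileActivity extends Activity {
    private static final String TAG = "Profile";
    private static final String EXPECTED_ACTION = "com.example.intentdos.action.SHOW_PROFILE"; // hypothetical
    private static final int MAX_USER_ID_LENGTH = 64;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent intent = getIntent();
        // 1. Only handle the action this Activity was designed for.
        if (intent == null || !EXPECTED_ACTION.equals(intent.getAction())) {
            finish();
            return;
        }
        // 2. Read the extra defensively and validate its shape before use.
        String userId = readStringExtra(intent, "user_id");
        if (!isValidUserId(userId)) {
            Log.w(TAG, "rejecting intent with missing or malformed user_id");
            finish();
            return;
        }
        // 3. Never deserialize arbitrary objects sent by another process; accept
        //    only primitive-typed extras (String, int, ...) whose types you control.
        Log.d(TAG, "showing profile for user_id length=" + userId.length());
    }

    /**
     * Returns the String extra or null. Reading extras unparcels the Bundle
     * (eagerly on older releases), which is where an attacker-supplied unknown
     * class surfaces as a RuntimeException (BadParcelableException is a subclass),
     * so the access is wrapped instead of being allowed to propagate out of onCreate().
     */
    static String readStringExtra(Intent intent, String key) {
        try {
            if (!intent.hasExtra(key)) {
                return null;
            }
            return intent.getStringExtra(key);
        } catch (RuntimeException e) {
            Log.w(TAG, "could not read extra " + key + ": " + e);
            return null;
        }
    }

    /** Shape check: non-null, non-empty, bounded length, restricted alphabet. */
    static boolean isValidUserId(String userId) {
        if (userId == null || userId.isEmpty() || userId.length() > MAX_USER_ID_LENGTH) {
            return false;
        }
        for (int i = 0; i < userId.length(); i++) {
            char c = userId.charAt(i);
            boolean ok = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z')
                    || (c >= 'A' && c <= 'Z') || c == '_';
            if (!ok) {
                return false;
            }
        }
        return true;
    }
}
```

The catch block is deliberately wide: both the Parcelable path (`BadParcelableException`) and the Serializable path (a plain `RuntimeException` wrapping `ClassNotFoundException`) are unchecked exceptions, and a single `catch (RuntimeException e)` keeps the component alive in either case. The validation should be paired with the manifest: a component that other apps have no business calling should be declared with `android:exported="false"`, which removes the attack surface entirely rather than merely tolerating bad input.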

ZOFixer.com security scan helps to find vulnerabilities in your web application; you can easily use it by registering on our website and activating the 30-day trial.
