Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability

Bugtraq ID:	106450
Class:	Design Error
CVE:	CVE-2018-18363
Remote:	No
Local:	Yes
Published:	Jan 09 2019 12:00AM
Updated:	Jan 09 2019 12:00AM
Credit:	Jeffrey Mustard
Vulnerable:	Symantec Norton App Lock 1.3.0.332 Symantec Norton App Lock 1.3.0.329 Symantec Norton App Lock 1.3.0.13 Symantec Norton App Lock 1.2.0.252 Symantec Norton App Lock 1.0.3.186 Symantec Norton App Lock 1.0.2.179 Symantec Norton App Lock 1.0.2.167 Symantec Norton App Lock 1.0.0.99 Symantec Norton App Lock 0
Not Vulnerable:	Symantec Norton App Lock 1.4.0.445

Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability

Symantec Norton App Lock for Android is prone to a local security-bypass vulnerability.

Local attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

Norton App Lock versions prior to 1.4.0.445 are vulnerable.

Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Symantec Norton App Lock CVE-2018-18363 Local Security Bypass Vulnerability

References:

• Norton App Lock - Homepage (Symantec)
  
• Symantec Home Page (Symantec)
  
• SYMSA1473:Norton App Lock Bypass (Symantec)