Medium

Android Framework Audio Service Bluetooth MAC Address Disclosure

IdentifiersCVE-2024-0028CWE-862· Missing Authorization

CVE-2024-0028 is a high-severity vulnerability in the Android Framework component, specifically in Audio Service, caused by a missing permission check. According to the provided description, the flaw allows access to MAC addresses of nearby Bluetooth devices without the required authorization. The issue is characterized in the source material as an information disclosure vulnerability, and the underlying weakness is consistent with missing authorization enforcement on access to sensitive device-discovery data. The bulletin context indicates the issue was addressed in Android 16 and that devices with security patch level 2025-07-01 or later are protected.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows disclosure of MAC addresses of nearby Bluetooth devices to a local attacker without requiring additional execution privileges or user interaction. Exposure of nearby Bluetooth hardware identifiers can leak sensitive environmental and device-proximity information and may aid tracking, profiling, or follow-on attacks that rely on knowledge of nearby devices. The provided description also states this could lead to local escalation of privilege.

Mitigation

If you can’t patch tonight, do this now.

Where immediate patching is not possible, reduce exposure by limiting installation and execution of untrusted local applications, since the issue is locally exploitable. Standard Android platform protections and Google Play Protect may reduce the likelihood of exploitation, as noted in the bulletin context, but they are not a substitute for patching. The definitive mitigation is to deploy the vendor or AOSP security update containing the missing permission check.

Remediation

Patch, then assume compromise.

Apply the Android fix for CVE-2024-0028 by updating affected devices to Android 16 with security patch level 2025-07-01 or later, or to a vendor build that includes the corresponding Framework patch. The provided context states that source code patches were to be released through AOSP as part of Android 16.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GoogleAndroidoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

zeropath blogNews

Sep 5, 2025

Android Skia Heap Buffer Overflow (CVE-2025-32318): Brief Summary and Patch Guidance - ZeroPath Blog | ZeroPath

An information disclosure vulnerability in the Android Framework component addressed in the Android 16 release.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2024-0028

NVD

nvd.nist.gov/vuln/detail/CVE-2024-0028

MITRE CWE · CWE-862

Missing Authorization

Vendor Advisory

source.android.com/security/bulletin/android-16