CVE-2024-13916 – Kruger&Matz com.pri.applock Fingerprint PIN Code Exfiltration

CVE ID : CVE-2024-13916

Published : May 30, 2025, 4:15 p.m. | 1 hour, 44 minutes ago

Description : An application “com.pri.applock”, which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.
Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider’s public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code.

Vendor did not provide information about vulnerable versions.
Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…