SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce authentication. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can exit the lock interface without re-authentication and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Wed, 27 May 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce authentication. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can exit the lock interface without re-authentication and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-27T15:53:31.978Z
Reserved: 2025-12-24T00:00:00.000Z
Link: CVE-2025-68712
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-27T17:16:29.063
Modified: 2026-05-27T17:16:29.063
Link: CVE-2025-68712
Redhat
No data.
OpenCVE Enrichment
No data.