CVE-2025-22428
In hasInteractAcrossUsersFullPermission of Multiple Products
Executive summary
A high-severity vulnerability in a permission-checking function could allow an application to gain unauthorized cross-user interaction capabilities, leading to privilege escalation.
Vulnerability
An unspecified flaw exists in the hasInteractAcrossUsersFullPermission function of the AppInfoBase component. That function's role is to verify whether an application holds the high-privilege permission to interact with other user accounts on a multi-user system; the flaw is a logic error in that verification, potentially allowing the check to be bypassed.
Business impact
A malicious or compromised application could exploit this flaw to break the security boundary between user accounts on a shared device. This would allow the app to access data from other user profiles, interfere with their applications, or perform actions on their behalf, leading to a major breach of privacy and potential privilege escalation. The CVSS score of 7.8 (High) reflects the severity of breaking user isolation.
Remediation
Immediate Action: Apply the security update from the vendor that corrects the logic in the permission validation function.
Proactive Monitoring: On multi-user systems, monitor for any anomalous cross-user process interactions or file access attempts that violate the intended security policy.
Compensating Controls: Limit the installation of third-party applications on shared, multi-user devices. Regularly review application permissions to ensure none have been granted excessive privileges.
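The permission review recommended above can be scripted rather than done by hand. The following is an added example, not code from the advisory or from the affected product: it parses the per-package sections of the text that `adb shell dumpsys package` prints on an Android device and lists every package that has been granted android.permission.INTERACT_ACROSS_USERS_FULL, the permission the flawed function is meant to gate. The sample input is constructed and only approximates the real dumpsys layout (the package header, the flags line and the "install permissions:" entries); the system/non-system split relies on the SYSTEM flag being present in that line, which is an assumption about the format.

```python
import re
from typing import Dict, List

# Signature-level Android permission that grants full cross-user interaction.
CROSS_USER_PERM = "android.permission.INTERACT_ACROSS_USERS_FULL"

# Constructed sample approximating the per-package sections of
# `adb shell dumpsys package`; real output carries many more fields.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.settings] (1a2b3c):
    userId=1000
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA UPDATED_SYSTEM_APP ]
    install permissions:
      android.permission.INTERACT_ACROSS_USERS_FULL: granted=true
      android.permission.MANAGE_USERS: granted=true
  Package [com.example.notes] (4d5e6f):
    userId=10123
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.suspicious] (7a8b9c):
    userId=10456
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    install permissions:
      android.permission.INTERACT_ACROSS_USERS_FULL: granted=true
      android.permission.INTERNET: granted=true
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")          # "Package [name] (hash):"
FLAGS_RE = re.compile(r"^\s*flags=\[(.*)\]")                # "flags=[ SYSTEM ... ]"
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)") # "perm: granted=true"


def parse_packages(text: str) -> Dict[str, dict]:
    """Return {package_name: {"system": bool, "granted": set(permissions)}}.

    Only permissions with granted=true are recorded; a package is marked
    system if its flags line contains the SYSTEM token (format assumption).
    """
    packages: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            packages[current] = {"system": False, "granted": set()}
            continue
        if current is None:
            continue  # header lines before the first package section
        m = FLAGS_RE.match(line)
        if m:
            packages[current]["system"] = "SYSTEM" in m.group(1).split()
            continue
        m = PERM_RE.match(line)
        if m and m.group(2) == "true":
            packages[current]["granted"].add(m.group(1))
    return packages


def find_cross_user_holders(text: str, include_system: bool = False) -> List[str]:
    """Packages granted INTERACT_ACROSS_USERS_FULL; non-system only by default.

    System packages legitimately hold this permission, so the default view
    surfaces only third-party packages, which is what a reviewer wants to see.
    """
    pkgs = parse_packages(text)
    return sorted(
        name for name, info in pkgs.items()
        if CROSS_USER_PERM in info["granted"] and (include_system or info["system"] is False)
    )


if __name__ == "__main__":
    # On a real device: adb shell dumpsys package > dump.txt, then parse that file.
    for pkg in find_cross_user_holders(SAMPLE_DUMPSYS):
        print(f"REVIEW: non-system package holds {CROSS_USER_PERM}: {pkg}")
```

Run against a saved dumpsys capture, a non-empty result is the list of third-party packages to investigate; pass include_system=True to see the platform packages that hold the permission by design.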
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability poses a serious threat to user data privacy and security on multi-user systems. It is imperative that administrators deploy the vendor-provided patch immediately to restore the integrity of the user separation security model.