SB2016020703 - Permissions, Privileges, and Access Controls in Google, Google Android
Published: February 7, 2016 Updated: August 9, 2020
Security Bulletin ID
SB2016020703
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-0813)
The vulnerability allows a local non-authenticated attacker to #BASIC_IMPACT#.
packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219.
Remediation
Install update from vendor's website.