SB2016020705 - Permissions, Privileges, and Access Controls in Google, Google Android
Published: February 7, 2016 Updated: August 9, 2020
Security Bulletin ID
SB2016020705
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-0812)
The vulnerability allows a local non-authenticated attacker to #BASIC_IMPACT#.
The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538.
Remediation
Install update from vendor's website.