Google · Android · CVE-2016-3917
**Name of the Vulnerable Software and Affected Versions**
Android versions 6.0.1 before 2016-10-01
Android versions 7.0 before 2016-10-01
**Description**
The issue concerns the fingerprint login feature, which fails to track the user account during authentication. This allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access.
**Recommendations**
For Android versions 6.0.1 before 2016-10-01, update to a version released after 2016-10-01 to resolve the issue.
For Android versions 7.0 before 2016-10-01, update to a version released after 2016-10-01 to resolve the issue.