Stéphane Marques

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.1 **Description** The issue is related to an information disclosure problem in the AOSP Messaging component of the Android operating system, which is caused by a lack of protection for internal data. This could allow a remote attacker, using a specially crafted file, to access data beyond their permission levels. The problem is considered moderate because it could be used to access sensitive data without proper authorization. **Recommendations** For Android versions 6.0 through 7.1.1, update to a version that includes the fix for this issue to prevent potential data access beyond permission levels.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** The issue is related to insufficient access control in the Location Manager component of the Android operating system. It allows a remote attacker to bypass the operating system's protections, potentially leading to the generation of inaccurate location data. This could be exploited by a local malicious application. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that includes the fix for Android ID: A-33091107 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.