CVE-2013-6271

Name of the Vulnerable Software and Affected Versions Android versions 4.0 through 4.3

Description The issue allows attackers to bypass intended access restrictions and remove device locks via a crafted application. This is achieved by invoking the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD QUALITY UNSPECIFIED option.

Recommendations For Android versions 4.0 through 4.3, as a temporary workaround, consider restricting the use of the com.android.settings.ChooseLockGeneric class until a patch is available. Avoid using the PASSWORD QUALITY UNSPECIFIED option in the updateUnlockMethodAndFinish method to minimize the risk of exploitation.