CVE-2015-3845

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48M

Description The issue is related to the Parcel::appendFrom function in Android's Binder, which does not properly consider parcel boundaries during the identification of binder objects in an append operation. This allows attackers to obtain different application's privileges via a crafted application. The vulnerability is related to insufficient access control to certain functions, which can be exploited by a remote attacker to gain privileges of various applications using a specially crafted application.

Recommendations For Android versions prior to 5.1.1 LMY48M, update to version 5.1.1 LMY48M or later to resolve the issue. As a temporary workaround, consider restricting access to the Parcel::appendFrom function until a patch is available. Avoid using the Parcel::appendFrom function in applications that require high privileges until the issue is resolved.