CVE-2015-1541

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to the implementation of AppWidgetServiceImpl in the Android operating system, which has inadequate access control. This can be exploited by a remote attacker to bypass existing access restrictions. The vulnerability can be used to obtain a URI permission by sending an Intent with specific flags, such as FLAG GRANT READ URI PERMISSION or FLAG GRANT WRITE URI PERMISSION, potentially allowing the bypassing of intended restrictions on reading contacts.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the AppWidgetServiceImpl service to minimize the risk of exploitation. Avoid using the FLAG GRANT READ URI PERMISSION and FLAG GRANT WRITE URI PERMISSION flags in Intents until the issue is resolved.