CVE-2016-2460

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-05-01

Description The issue is related to the mediaserver in Android, which does not initialize certain data structures correctly. This allows attackers to obtain sensitive information via a crafted application. The problem is associated with the IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp objects.

Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, ensure that the device is updated to a version released on or after 2016-05-01.