CVE-2016-2449

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-05-01

Description The issue exists due to a lack of validation of template IDs in the Camera3Device.cpp function of the mediaserver component in the Android operating system. This can be exploited by a remote attacker using a specially crafted application to gain elevated privileges. The exploitation can result in obtaining Signature or SignatureOrSystem access.

Recommendations For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, update to a version released on or after 2016-05-01.