CVE-2016-2426

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-04-01

Description The issue exists due to a lack of permission check for GET ACCOUNTS in the ContentService.java file within the Framework component. This allows attackers to obtain sensitive information via a crafted application. The exploitation of this issue can enable a remote attacker to gain confidential information using a specially designed application.

Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-04-01, ensure your device is updated with the latest security patch released on or after 2016-04-01.