CVE-2016-3749

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-07-01

Description The issue is related to errors in handling registration data in the LockSettingsService component. It allows attackers to modify the screen-lock password or pattern via a crafted application. This can be exploited by a local attacker to change the screen lock settings.

Recommendations For Android versions prior to 2016-07-01, consider restricting the use of the LockSettingsService until a fix is available. As a temporary workaround, avoid using potentially vulnerable screen lock settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.