CVE-2016-5341

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-12-05

Description The issue is related to the GPS component and is caused by insufficient access control. It allows remote attackers to cause a denial of service, specifically a GPS signal-acquisition delay, by using an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host.

Recommendations For Android versions prior to 2016-12-05, update to a version released after 2016-12-05 to resolve the issue. As a temporary workaround, consider restricting access to the GPS component to minimize the risk of exploitation. Avoid using the xtra.bin or xtra2.bin files from untrusted sources, especially on spoofed hosts.