CVE-2016-6769

Name of the Vulnerable Software and Affected Versions Android versions 5.0.2, 5.1.1, 6.0, 6.0.1

Description The issue is related to an elevation of privilege vulnerability in Smart Lock, which could allow a local malicious user to access Smart Lock settings without a PIN. This requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. The vulnerability is related to insufficient access control.

Recommendations For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, consider restricting access to the Smart Lock settings to minimize the risk of exploitation. As a temporary workaround, consider disabling the Smart Lock feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.