CVE-2019-15356

Name of the Vulnerable Software and Affected Versions Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys

Description The issue concerns a pre-installed app with a package name of com.mediatek.wfo.impl that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Recommendations For the Lava Flair Z1 Android device with the specified build fingerprint, consider restricting access to the com.mediatek.wfo.impl app to minimize the risk of exploitation. As a temporary workaround, disabling the app's exported interface may help prevent unauthorized modification of system properties. At the moment, there is no information about a newer version that contains a fix for this issue.