Christian Seel

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1 **Description** The issue is related to an elevation of privilege vulnerability in Smart Lock, which could allow a local malicious user to access Smart Lock settings without a PIN. This requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. The vulnerability is related to insufficient access control. **Recommendations** For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, consider restricting access to the Smart Lock settings to minimize the risk of exploitation. As a temporary workaround, consider disabling the Smart Lock feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.