Lajos Molnar

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4 through 8.0 **Description** The issue is related to a remote code execution vulnerability in the Android media framework, specifically in the libstagefright library. This vulnerability is associated with inadequate access control. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For Android versions 4.4.4 through 8.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-11-01 Android versions 7.0 before 2016-11-01 **Description** An information disclosure issue in libstagefright in Mediaserver could allow a local malicious application to access data outside of its permission levels, potentially accessing sensitive data without permission. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-11-01, apply the November 2016 security patch or later. For Android versions 7.0 before 2016-11-01, apply the November 2016 security patch or later.