Michał Bednarski

**Name of the Vulnerable Software and Affected Versions** SemIWCMonitor versions prior to SMR Jun-2022 Release 1 **Description** The issue allows local attackers to expose information, specifically MAC address information. **Recommendations** For SemIWCMonitor versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LSOItemData versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to improper validation in LSOItemData, which allows attackers to launch certain activities. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KfaOptions versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to improper validation in KfaOptions, which can be exploited by attackers to launch certain activities. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FeedsInfo versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to improper validation in FeedsInfo, allowing attackers to launch certain activities. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RemoteViews versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to improper validation in RemoteViews, which can be exploited by attackers to launch certain activities. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** An information disclosure issue in the Framework APIs could allow a local malicious application to bypass operating system protections, potentially gaining access to data that the application does not have access to. This issue is considered High severity. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 **Description** The issue is related to insufficient access control in the Framework API of the Android operating system. It allows a remote attacker to compromise information confidentiality. This vulnerability can also enable a local malicious application to access system functions beyond its access level, bypassing restrictions on a constrained process. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0 **Description** The issue is related to an information disclosure vulnerability in the package manager of the Android operating system, which is due to a lack of protection for internal data. This vulnerability can be exploited by a remote attacker to allow a local malicious application to bypass the operating system's protections, which isolate application data from other applications. The issue is considered moderate because it first requires compromising a privileged process. **Recommendations** For Android version 7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-11-01 Android versions 7.0 before 2016-11-01 **Description** An information disclosure issue in the download manager could allow a local malicious application to bypass operating system protections, gaining access to isolated application data. This issue is rated as High. **Recommendations** For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-11-01, apply the 2016-11-01 security patch or later. For Android versions 7.0 before 2016-11-01, apply the 2016-11-01 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-10-01 Android versions 7.0 before 2016-10-01 **Description** A race condition exists in the MmsProvider.java file within the Telephony component of Android, allowing attackers to gain privileges via a crafted application. This application can modify a database between two open operations. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-10-01, apply the October 2016 security patch or later. For Android versions 7.0 before 2016-10-01, apply the October 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-10-01 Android versions 7.0 before 2016-10-01 **Description** The issue allows attackers to gain privileges via a crafted application. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-10-01, update to a version released on or after 2016-10-01. For Android versions 7.0 before 2016-10-01, update to a version released on or after 2016-10-01.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-10-01 Android versions 7.0 before 2016-10-01 **Description** The issue allows attackers to gain privileges via a crafted application. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-10-01, apply the October 2016 security patch or later. For Android versions 7.0 before 2016-10-01, apply the October 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-07-01 **Description** The issue is related to the libs/binder/Parcel.cpp file in the Parcels Framework APIs, which does not validate the return value of the dup system call. This allows attackers to bypass an isolation protection mechanism via a crafted application. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-07-01, update to a version released on or after 2016-07-01.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-05-01 **Description** The issue is related to the mishandling of object references in the `libs/binder/IPCThreadState.cpp` file of the Binder component in Android. This allows attackers to gain privileges via a crafted application. The vulnerability can be exploited by a remote attacker to elevate their privileges using a specially crafted application. **Recommendations** For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, update to a version released after 2016-05-01.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 5.1.1 LMY48Z Android versions 6.0 before 2015-12-01 **Description** The issue is related to inadequate access control in the SystemUI component of the Android operating system. It allows attackers to gain privileges via a crafted application, potentially obtaining Signature or SignatureOrSystem access. This can be exploited by a remote attacker using a specially created application. **Recommendations** For Android versions prior to 5.1.1 LMY48Z, update to version 5.1.1 LMY48Z or later. For Android versions 6.0 before 2015-12-01, ensure that the device is updated to a version released after 2015-12-01.