Michael Terry

Name of the Vulnerable Software and Affected Versions: Unity8 versions prior to 8.11+16.04.20160111.1-0ubuntu1 Unity8 versions prior to 8.11+15.04.20160122-0ubuntu1 Description: The issue allows an attacker to enable the MTP service by opening the emergency dialer, potentially exposing information. This affects Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. Recommendations: For versions prior to 8.11+16.04.20160111.1-0ubuntu1, update to 8.11+16.04.20160111.1-0ubuntu1 or later. For versions prior to 8.11+15.04.20160122-0ubuntu1, update to 8.11+15.04.20160122-0ubuntu1 or later. As a temporary workaround, consider restricting access to the emergency dialer to minimize the risk of exploitation.