Neobyte

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 5.1.1 LMY48Z Android versions prior to 6.0 before 2015-12-01 **Description** The issue is related to the libstagefright library in the Android operating system and is caused by a lack of protection for service data. It allows a remote attacker to obtain sensitive information and bypass an unspecified protection mechanism. The attacker can gain Signature or SignatureOrSystem access via unknown vectors. **Recommendations** For Android versions prior to 5.1.1 LMY48Z, update to version 5.1.1 LMY48Z or later. For Android versions prior to 6.0 before 2015-12-01, update to version 6.0 from 2015-12-01 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 44.0.2403.89 **Description** The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted intent URL. This can be achieved by appending a substring such as `alert(document.cookie);//` to the URL. The vulnerability exists due to inadequate protection of the web page structure. **Recommendations** For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. As a temporary workaround, consider restricting the use of intent URLs to minimize the risk of exploitation. Avoid using crafted intent URLs that may trigger the vulnerability until the issue is resolved.