CVE-2015-3849

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48M

Description The issue is related to the Region createFromParcel function in the Android operating system, which has inadequate access control to certain functions. This can be exploited by a remote attacker using a specially crafted application to execute arbitrary code. The function does not check the return values of certain read operations, allowing attackers to send a crafted message to a service and execute arbitrary code.

Recommendations For Android versions prior to 5.1.1 LMY48M, update to version 5.1.1 LMY48M or later to resolve the issue. As a temporary workaround, consider restricting access to the Region createFromParcel function until a patch is available.