PT-2015-2942 · Google · Android

Flanker

Published

2015-12-08

Updated

2019-02-12

CVE-2015-6620

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48Z Android versions prior to 6.0 2015-12-01

Description The issue is related to insufficient access control in the Android operating system. It allows attackers to gain privileges via a crafted application, potentially obtaining Signature or SignatureOrSystem access. This can be exploited by a remote attacker to elevate their privileges.

Recommendations For Android versions prior to 5.1.1 LMY48Z, update to version 5.1.1 LMY48Z or later. For Android versions prior to 6.0 2015-12-01, update to a version released after 2015-12-01.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2016-00039

CVE-2015-6620

Affected Products

Android

PT-2015-2942 · Google · Android

CVE-2015-6620

Weakness Enumeration

Related Identifiers

Affected Products

References · 5