CVE-2016-2417

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-04-01

Description The issue allows attackers to obtain sensitive information from process memory and bypass an unspecified protection mechanism via unspecified vectors. This can be demonstrated by obtaining Signature or SignatureOrSystem access. The vulnerability is related to the media/libmedia/IOMX.cpp component in the mediaserver of the Android operating system, which does not initialize a parameter data structure.

Recommendations For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-04-01, update to a version released after 2016-04-01.