CVE-2016-10398

Name of the Vulnerable Software and Affected Versions Android version 6.0

Description The issue is related to an authentication bypass in the Trusted Execution Environment (TEE) that allows attackers with root and physical access to replay previously captured responses and use the TEE without authenticating. This is due to a weak challenge protecting cryptographic authentication tokens (AuthTokens). All apps using authentication-gated cryptography are vulnerable to this attack.

Recommendations For Android version 6.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.