PT-2016-5718 · Google · Android
Ronald L. Loor Vargas
·
Published
2016-09-11
·
Updated
2017-08-13
·
CVE-2016-3886
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 2016-09-01
Description
The issue allows physically proximate attackers to gain privileges by modifying a setting on the lockscreen, due to the System UI Tuner not preventing tuner changes. This is related to the
systemui/statusbar/phone/QuickStatusBarHeader.java file.Recommendations
For Android versions prior to 2016-09-01, consider restricting access to the System UI Tuner on the lockscreen to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android