PT-2016-7060 · Google · Android

Ao Wang

Published

2016-11-25

Updated

2016-12-06

CVE-2016-6700

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0

Description An elevation of privilege issue in libzipfile could allow a local malicious application to execute arbitrary code within the context of a privileged process, potentially leading to a local permanent device compromise. This compromise may require reflashing the operating system to repair the device.

Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-6700

Affected Products

Android

PT-2016-7060 · Google · Android

CVE-2016-6700

Weakness Enumeration

Related Identifiers

Affected Products

References · 8