CVE-2019-15355

Name of the Vulnerable Software and Affected Versions Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys com.mediatek.wfo.impl app version 8.1.0

Description The issue concerns a pre-installed app that allows any co-located app to modify a system property without proper authorization. This is due to an exported interface in the com.mediatek.wfo.impl app.

Recommendations For the Tecno Camon iClick Android device, consider restricting access to the system property until a patch is available. For the com.mediatek.wfo.impl app version 8.1.0, as a temporary workaround, consider disabling the exported interface that allows modification of the system property. At the moment, there is no information about a newer version that contains a fix for this vulnerability.