CVE-2019-15380

Name of the Vulnerable Software and Affected Versions Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo Pro:8.1.0/O11019/1528117003:user/release-keys com.mediatek.wfo.impl app version 8.1.0

Description The issue concerns a pre-installed app on the Fly Photo Pro Android device that allows any co-located app to modify a system property without proper authorization. This is due to an exported interface in the com.mediatek.wfo.impl app.

Recommendations For the Fly Photo Pro Android device with the specified build fingerprint, consider restricting access to the exported interface of the com.mediatek.wfo.impl app to prevent unauthorized modification of system properties. For the com.mediatek.wfo.impl app version 8.1.0, as a temporary workaround, consider disabling the app's ability to modify system properties until a patch is available.