CVE-2016-3832

Severity

83%

Complexity

86%

Confidentiality

141%

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.

CVSS 3.0 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 8.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:C).

Overview

Type

Google Android

First reported 8 years ago

2016-08-05 20:59:00

Last updated 8 years ago

2016-11-28 20:12:00

Affected Software

Google Android Operating System 4.0

4.0

Google Android Operating System 4.0.1

4.0.1

Google Android Operating System 4.0.2

4.0.2

Google Android Operating System 4.0.3

4.0.3

Google Android Operating System 4.0.4

4.0.4

Google Android Operating System 4.1

4.1

Google Android Operating System 4.1.2

4.1.2

Google Android Operating System 4.2 (Jelly Bean)

4.2

Google Android Operating System 4.2.1

4.2.1

Google Android Operating System 4.2.2

4.2.2

Google Android Operating System 4.3

4.3

Google Android Operating System 4.3.1

4.3.1

Google Android Operating System 4.4

4.4

Google Android Operating System 4.4.1

4.4.1

Google Android Operating System 4.4.2

4.4.2

Google Android Operating System 4.4.3

4.4.3

Google Android Operating System 5.0

5.0

Google Android 5.0.1

5.0.1

Google Android 5.1

5.1

Google Android 5.1.0

5.1.0

Google Android 6.0

6.0

Google Android 6.0.1

6.0.1

References

http://source.android.com/security/bulletin/2016-08-01.html

Vendor Advisory

92232

https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906

Issue Tracking, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.