Android phone call permission bypass vulnerability (CVE-2013-6272) analysis

2014-07-09T00:00:00
ID MYHACK58:62201451091
Type myhack58
Reporter Anonymous
Modified 2014-07-09T00:00:00

Description

Author: Gong wide

## 1. CVE-2013-6272 vulnerability background

CVE-2013-6272 is a phone call permission bypass vulnerability on the Android platform. The vulnerability was actually discovered at the end of 2013 by Curesec, a security research organisation in Berlin, which reported it privately to Google; it was not found by a domestic team. Curesec also discovered the Android lock screen bypass vulnerability, CVE-2013-6271. On July 4, 2014, Curesec disclosed a call-related vulnerability [1], and we analyze that vulnerability here.

The vulnerability was introduced in Android 4.1.1 and fixed in 4.4.3. Phones whose system version is still between 4.1.1 and 4.4.2 are affected.

## 2. Affected Android versions

According to the information already disclosed and our analysis of the AOSP changelog, the affected versions are as follows:

| Android version | SDK version | Affected |
|---|---|---|
| 4.1.1 | 16 | Yes |
| 4.1.2 | 16 | Yes |
| 4.2.2 | 17 | Yes |
| 4.4.2 | 19 | Yes |
| 4.4.3 or higher | 19 | No |
