Android Mediaserver Vulnerability (CVE-2015-3842)
Publish date: 06 de abril de 2016
Gravedad: Crítico
Identificadores de CVE : CVE-2015-3842
Fecha recomendada: 17 de agosto de 2015
Descripción
This vulnerability assigned with CVE-2015-3842, affects the AudioEffect component found in the mediaserver program. Attackers can run arbitrary code on the device when successfully exploited thus compromising its security. However, attackers need to convince users first to install a malicious app that doesn't require any permission.The said vulnerability affects Android versions 2.3 to 5.1.1.
Trend Micro researcher Wish Wu disclosed details about this vulnerability to Google. The said company acknowledged Wu’s research contribution.