Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / frameworks / base / 04f363e187e3fc223fb0953f8e219ca6b8e7142d
commit04f363e187e3fc223fb0953f8e219ca6b8e7142d[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Tue Oct 11 10:33:52 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Sat Nov 19 12:25:14 2016 +0100
tree570a19dfa5ef552861ab4c4700f7195bea0e6319
parentf24cec326f5f65c693544fb0b92c37f633bacda2 [diff]
FPII-2480: Elevation of privilege vulnerability in Framework APIs
CVE-2016-6715 A-29833954

An app can inject media keys, which allows an application to pick up 
the phone while it is ringing. This enables an attacker to call the device, 
have the malicious application pick up the phone, and thus enable
the attacker to listen to the user’s conversation without their consent.

Change-Id: I82de50a85367ab4f91c770a6a3b309c200bb0b1a
1 file changed
tree: 570a19dfa5ef552861ab4c4700f7195bea0e6319
  1. api/
  2. btobex/
  3. cmds/
  4. core/
  5. data/
  6. docs/
  7. drm/
  8. graphics/
  9. include/
  10. keystore/
  11. libs/
  12. location/
  13. media/
  14. native/
  15. nfc-extras/
  16. obex/
  17. opengl/
  18. packages/
  19. policy/
  20. rs/
  21. samples/
  22. sax/
  23. security-bridge/
  24. services/
  25. telecomm/
  26. telephony/
  27. test-runner/
  28. tests/
  29. tools/
  30. wifi/
  31. Android.mk
  32. CleanSpec.mk
  33. MODULE_LICENSE_APACHE2
  34. NOTICE
  35. preloaded-classes