CVE-2016-0802: Input Validation
First published: Sun Feb 07 2016(Updated: )
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =4.4.4 | |
| Android | =5.0 | |
| Android | =5.1.1 | |
| Android | =6.0 | |
| Android | =6.0.1 | |
| iStyle @cosme iPhone OS | <=9.2.1 | |
| Apple iOS and macOS | <=10.11.3 | |
| tvOS | <=9.1 | |
| Apple iOS, iPadOS, and watchOS | <=2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://source.android.com/security/bulletin/2016-02-01.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
- http://www.securitytracker.com/id/1035353
- https://support.apple.com/HT206166
- https://support.apple.com/HT206167
- https://support.apple.com/HT206168
- https://support.apple.com/HT206169
Frequently Asked Questions
What is the severity of CVE-2016-0802?
CVE-2016-0802 is classified as a high severity vulnerability due to the potential for remote code execution and denial of service.
How do I fix CVE-2016-0802?
To mitigate CVE-2016-0802, update your Android or Apple device to the latest software version available that addresses this vulnerability.
Which devices are affected by CVE-2016-0802?
CVE-2016-0802 affects Android versions before 4.4.4, 5.x before 5.1.1, and 6.x before February 1, 2016, as well as certain versions of Apple's iOS, macOS, tvOS, and watchOS.
What types of attacks can result from CVE-2016-0802?
CVE-2016-0802 allows attackers to execute arbitrary code or induce a denial of service through crafted wireless control message packets.
Is there a known exploit for CVE-2016-0802?
While specific exploit details for CVE-2016-0802 are not publicly disclosed, the nature of the vulnerability suggests that it could be leveraged in targeted attacks.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/android
- version/android/4.4.4
- version/android/5.0
- version/android/5.1.1
- version/android/6.0
- version/android/6.0.1
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/9.2.1
- canonical/apple ios and macos
- version/apple ios and macos/10.11.3
- canonical/tvos
- version/tvos/9.1
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/2.1