First published: Mon Apr 03 2017(Updated: )
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =4.0 | |
Google Android | =4.0.1 | |
Google Android | =4.0.2 | |
Google Android | =4.0.3 | |
Google Android | =4.0.4 | |
Google Android | =4.1 | |
Google Android | =4.1.2 | |
Google Android | =4.2 | |
Google Android | =4.2.1 | |
Google Android | =4.2.2 | |
Google Android | =4.3 | |
Google Android | =4.3.1 | |
Google Android | =4.4 | |
Google Android | =4.4.1 | |
Google Android | =4.4.2 | |
Google Android | =4.4.3 | |
Google Android | =4.4.4 | |
Google Android | =5.0 | |
Google Android | =5.0.1 | |
Google Android | =5.0.2 | |
Google Android | =5.1 | |
Google Android | =5.1.0 | |
Google Android | =5.1.1 | |
Google Android | =6.0 | |
Google Android | =6.0.1 | |
Google Android | =7.0 | |
Google Android | =7.1.0 | |
Google Android | =7.1.1 | |
https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-0547 is rated as High due to its potential to bypass operating system protections and allow information disclosure.
To remediate CVE-2017-0547, it is recommended to update your Android device to the latest security patch provided by Google.
CVE-2017-0547 affects multiple versions of Google Android, including versions ranging from 4.0 to 7.1.1.
CVE-2017-0547 is classified as an information disclosure vulnerability in the libmedia component of Mediaserver.
No, CVE-2017-0547 requires a local malicious application to exploit the vulnerability, meaning remote exploitation is not possible.