CVE-2017-0598: Infoleak
First published: Mon May 01 2017(Updated: )
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Android | =4.0 | |
| Android | =4.0.1 | |
| Android | =4.0.2 | |
| Android | =4.0.3 | |
| Android | =4.0.4 | |
| Android | =4.1 | |
| Android | =4.1.2 | |
| Android | =4.2 | |
| Android | =4.2.1 | |
| Android | =4.2.2 | |
| Android | =4.3 | |
| Android | =4.3.1 | |
| Android | =4.4 | |
| Android | =4.4.1 | |
| Android | =4.4.2 | |
| Android | =4.4.3 | |
| Android | =4.4.4 | |
| Android | =5.0 | |
| Android | =5.0.1 | |
| Android | =5.0.2 | |
| Android | =5.1 | |
| Android | =5.1.0 | |
| Android | =5.1.1 | |
| Android | =6.0 | |
| Android | =6.0.1 | |
| Android | =7.0 | |
| Android | =7.1.0 | |
| Android | =7.1.1 | |
| Android | =7.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/98133
- https://source.android.com/security/bulletin/2017-05-01
- https://android.googlesource.com/platform/frameworks/base/+/4e110ab20bb91e945a17c6e166e14e2da9608f08
- https://android.googlesource.com/platform/frameworks/base/+/d42e1204d5dddb78ec9d20d125951b59a8344f40
- https://source.android.com/docs/security/bulletin/2017-05-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2017-0598?
The severity of CVE-2017-0598 is rated as High due to its potential to allow unauthorized access to application data.
How can I mitigate CVE-2017-0598?
Mitigating CVE-2017-0598 involves updating affected Android versions to the latest security patches provided by Google.
What are the affected versions for CVE-2017-0598?
CVE-2017-0598 affects various versions of Google Android, including 4.0 to 7.1.2.
Who discovered CVE-2017-0598?
CVE-2017-0598 was reported by security researchers analyzing vulnerabilities within the Android framework.
What type of vulnerability is CVE-2017-0598?
CVE-2017-0598 is classified as an information disclosure vulnerability in the Android Framework APIs.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/android
- version/android/4.0
- version/android/4.0.1
- version/android/4.0.2
- version/android/4.0.3
- version/android/4.0.4
- version/android/4.1
- version/android/4.1.2
- version/android/4.2
- version/android/4.2.1
- version/android/4.2.2
- version/android/4.3
- version/android/4.3.1
- version/android/4.4
- version/android/4.4.1
- version/android/4.4.2
- version/android/4.4.3
- version/android/4.4.4
- version/android/5.0
- version/android/5.0.1
- version/android/5.0.2
- version/android/5.1
- version/android/5.1.0
- version/android/5.1.1
- version/android/6.0
- version/android/6.0.1
- version/android/7.0
- version/android/7.1.0
- version/android/7.1.1
- version/android/7.1.2