CVE-2016-6715
Last modified
CVE-2016-6715 is a vulnerability of currently unknown severity. An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Android | >= 4.0, < 4.4.4 | |
| Android | >= 5.0, < 5.0.2 | |
| Android | >= 5.1, < 5.1.1 | |
| Android | >= 6.0, <= 6.0.1 | |
| Android | 7.0 |
References
- http://www.securityfocus.com/bid/94173Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/94173Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-6715?
How severe is CVE-2016-6715?
How do I fix CVE-2016-6715?
Are you affected by CVE-2016-6715?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST