The Widevine QSEE TrustZone application in Android 5.x prior to 5.1.1 LMY49F and 6.0 prior to 2016-01-01 allows malicious users to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 6.0.1 |
||
google android 6.0 |
||
google android 5.0 |
||
google android 5.1.1 |
Yet again, the fix would be proper vetting of code in Google Play and other app stores
Duo Security researcher Kyle Lady says attackers can compromise more than half of enterprise Android phones by chaining two operating system and chip vulnerabilities. The flaws affect scores of phones on the market from the most popular Lollipop version 5 Android system, second-placed KitKat version 4.4, and the barely-used modern Marshmallow version 6. Some 60 percent of enterprise Android phones are affected based on tests of half a million phones. Affected users can apply a January patch if o...