Monday, 27 March 2017

On 02:48 by admin   No comments
A vulnerability classified as critical was found in OxygenOS up to 4.0.2 on OnePlus 3/OnePlus 3T. This vulnerability affects an unknown function of the component adb. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was disclosed 03/26/2017. This vulnerability was named CVE-2017-5622 since 01/29/2017. Local access is required to approach this attack. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available.

Upgrading to version 4.0.3 eliminates this vulnerability.

Countermeasures

Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found

Upgrade: OxygenOS 4.0.3

0 comments:

Post a comment