Analysis of the quick-pass vulnerability of the Android version of eggplant

Source: Internet
Author: User
Tags cve lenovo

Lenovo Security Bulletin: LEN-6421

Potential impact: Users with older versions of Android may be susceptible to remote code execution or UXSS attacks, and users with any version of Android may be susceptible to Intent Scheme attacks.

Importance: High

Summary description:

A vulnerability has been detected in versions of the Android version of eggplant below 3.5.98_WW. Lenovo advises customers to update to the latest version of eggplant to avoid such vulnerabilities.

The Android version of eggplant may be pre-installed on some Lenovo mobile devices, or it can be downloaded to non-Lenovo Android devices. It allows users to share specified files and folders between smartphones, tablets, and personal computers.

Fixes include:

1. Android version of Eggplant: When the operating system version of the user's Android device is earlier than 4.2, versions of the Android version of Eggplant below 3.5.98 are vulnerable to the following Android remote code execution vulnerabilities: CVE-2012-6636, CVE-2014-1939 or CVE-2014-7224.

2. Android version of Eggplant fast: Versions of the Android version of Eggplant fast transmission below 3.5.98 are susceptible to an Intent Scheme URL attack. The issue has been confirmed as CVE-2016-4782.

3. Android version of Eggplant Express: When the operating system version of the user's Android device is earlier than 4.4, versions of the Android version of Eggplant fast transmission below 3.5.98 are vulnerable to UXSS attacks. The issue has been confirmed as CVE-2016-4783.
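The three conditions above can be turned into a device triage check. The following is an added example, not code from Lenovo or from the original bulletin. The device names and inventory rows are constructed, and treating a suffix such as `_WW` as a label that does not affect version ordering is an assumption.

```python
import re

# Thresholds taken from the bulletin; everything else here is illustrative.
FIXED_APP = (3, 5, 98)      # first fixed app version (3.5.98_WW)
ANDROID_4_2 = (4, 2, 0)     # item 1 applies below this OS version
ANDROID_4_4 = (4, 4, 0)     # item 3 applies below this OS version


def parse_version(text, width=3):
    """Return the leading dotted number of a version string as a tuple.

    A suffix such as "_WW" is ignored (assumption: it is a label, not part of
    the ordering). Short versions are zero-padded so "4.2" equals "4.2.0".
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (width - len(parts))
    return tuple(parts)


def applicable_issues(app_version, android_version):
    """List the CVEs from the bulletin that apply to one device."""
    if parse_version(app_version) >= FIXED_APP:
        return []                           # already on a fixed release
    android = parse_version(android_version)
    issues = ["CVE-2016-4782"]              # item 2: any Android version
    if android < ANDROID_4_4:
        issues.append("CVE-2016-4783")      # item 3: UXSS
    if android < ANDROID_4_2:               # item 1: remote code execution
        issues += ["CVE-2012-6636", "CVE-2014-1939", "CVE-2014-7224"]
    return issues


# Constructed inventory rows: (device, app version, Android version).
INVENTORY = [
    ("tablet-01", "3.5.38_ww", "4.1.2"),
    ("phone-02", "3.5.88_ww", "4.4.4"),
    ("phone-03", "3.5.98_WW", "4.0.4"),
    ("phone-04", "3.6.8_ww", "6.0"),
]


def triage(inventory):
    """Map each device to the bulletin issues it is still exposed to."""
    return {dev: applicable_issues(app, os_ver) for dev, app, os_ver in inventory}


if __name__ == "__main__":
    for dev, issues in triage(INVENTORY).items():
        print(dev, ", ".join(issues) if issues else "no action needed")
```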

Solution:

What customers should do to protect themselves:

Go to the Google Play store and download the latest available version to update the Android Eggplant Express to 3.5.98_ww or later: https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps&hl=en

Thanks:

Thanks to Nicky from Tencent Security Platform Department (CVE-2016-4782, CVE-2016-4783)

Additional information and references:

CVE ID: CVE-2016-4782, CVE-2016-4783

Revision history:

Version: 1.0

Date: 2016.5.19

Description: Initial version
