Google Bypassing Intended Restrictions Vulnerabilities
3 Dec. 2015
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.
The information has been provided by Joshua J. Drake, Zimperium zLabs VP of Platform Research and Exploitation.
Nexus Player devices that includes several security fixes. The patches for these fixes have also been released to the Android Open Source Project (AOSP) source repository. These issues are categorized and provided in decreasing order of severity. We have also provided an assessment of each issue, given the information we have at the time of the publication of this bulletin. For more information on Android's security bug lifecycle and how we decide on severity ratings