Android Operating System (JELLY_BEAN - API Level 16 and below)
As of August 2017 Google estimates that 7.6% of all devices still run JELLY_BEAN (API 16). Google also estimates there are over 2 Billion monthly active Android devices, presenting a total of 152 Million devices potentially exposed to this vulnerability.
Given the API level targeted and the number of supported devices this is rated as a low potential for exploitation.
This vulnerability impacts API level 16 and below only.
Total Devices Potential Affected: 152 Million
This vulnerability can have potentially severe impacts including:
- Remote code execution
- Access to mobile operating system
- Access to private and confidential information
- Lateral attacks to connected networks (including enterprise networks)
REFERENCES & ATTRIBUTIONS
- The vulnerability was also discussed by Adrienne Porter-Felt, Dawn Song, Erika Chin, Steve Hanna, and David Wagner of UC Berkeley here -- https://people.eecs.berkeley.edu/~daw/papers/androidperm-ccs11.pdf