Mi3 SECURITY ADVISORY: MI3-2017-001
Android Operating System (JELLY_BEAN - API Level 16 and below)
As of August 2017 Google estimates that 7.6% of all devices still run JELLY_BEAN (API 16). Google also estimates there are over 2 Billion monthly active Android devices, presenting a total of 152 Million devices potentially exposed to this vulnerability.
<KEN - NEED YOUR HELP HERE>
This vulnerability impacts API level 16 and below only.
Total Devices Potential Affected: 152 Million
This vulnerability can have potentially severe impacts including:
- Remote code execution
- Access to mobile operating system
- Access to private and confidential information
- Lateral attacks to connected networks (including enterprise networks)
<KEN - DO WE WANT TO ADD ANYTHING HERE?>
References & Attributions
- The vulnerability was also discussed by Adrienne Porter-Felt, Dawn Song, Erika Chin, Steve Hanna, and David Wagner of UC Berkeley here -- https://people.eecs.berkeley.edu/~daw/papers/androidperm-ccs11.pdf