vivo

Home

>

Support

>

Security Advisory

>

Details

Security Advisory | PendingIntent hijacking vulnerability in Framework Services

Original release date: 2021-07-01

CVE ID

CVE-2021-26277

CVSS 3.1 Base Score

5.6 Medium (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)

Description

The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.

Software Versions and Fixes

Temporary Fix

NA

Obtaining Fixed Software

Devices that support automatic updates receive a system update prompt, and users complete the fix for the vulnerability by performing a system update.

Source

Google

Update Records

2021-07-01 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.