Security Advisory | PendingIntent hijacking vulnerability in Framework Services
Original release date: 2021-07-01
CVE ID
CVE-2021-26277
CVSS 3.1 Base Score
5.6 Medium (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)
Description
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
Software Versions and Fixes
- Software Affected Version Fixed Version
- Frame service Versions earlier than Android 11 The vulnerability is fixed in all releases after 2021.6.30
Temporary Fix
NA
Obtaining Fixed Software
Devices that support automatic updates receive a system update prompt, and users complete the fix for the vulnerability by performing a system update.
Source
Google
Update Records
2021-07-01 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.