Vulnerability: Privilege Escalation via MANAGE_USERS and CREATE_USERS Permissions in Android Shell Component

Vulnerability: Privilege Escalation via MANAGE_USERS and CREATE_USERS Permissions in Android Shell Component

CVE-2016-3833 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.

Learn more about our Cis Benchmark Audit For Google Android.