Privilege Escalation via System UI Tuner in Android 7.0

Privilege Escalation via System UI Tuner in Android 7.0

CVE-2016-3886 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438.

Learn more about our Cis Benchmark Audit For Google Android.