CVE-2017-0395 : What You Need to Know
Learn about CVE-2017-0395, a moderate Android vulnerability allowing local malicious apps to create contact info without user consent. Find mitigation steps here.
Android Contacts feature vulnerability allows local malicious apps to create contact info without user consent.
Understanding CVE-2017-0395
A vulnerability in Android's Contacts feature could lead to an elevation of privilege.
What is CVE-2017-0395?
This vulnerability allows a local malicious app to create contact information without the user's knowledge, bypassing typical user interaction requirements.
The Impact of CVE-2017-0395
- Severity: Moderate
- Affected Product: Android
- Impacted Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1
- Identifier: A-32219099
Technical Details of CVE-2017-0395
A closer look at the technical aspects of the vulnerability.
Vulnerability Description
- Type: Elevation of privilege
- Allows local malicious apps to silently create contact information
Affected Systems and Versions
- Product: Android
- Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1
Exploitation Mechanism
- Local malicious apps exploit Contacts feature to create contact info without user consent
Mitigation and Prevention
Steps to address and prevent the CVE-2017-0395 vulnerability.
Immediate Steps to Take
- Regularly update Android devices
- Avoid downloading apps from untrusted sources
- Monitor app permissions and restrict unnecessary access
Long-Term Security Practices
- Enable Google Play Protect
- Use reputable security apps
- Educate users on safe app usage
Patching and Updates
- Apply security patches promptly
- Stay informed about security bulletins and updates