Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2013-6271

Description

Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.

POC

Reference

- http://seclists.org/fulldisclosure/2013/Nov/204

- http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/

Github

- https://github.com/Chiku014/vulnerability-scanner