CVE-2017-0638

Vulnerability

A remote code execution vulnerability exists in the System UI component of Android versions 7.1.1 and 7.1.2 (Android ID: A-36368305). The bug can be triggered by a specially crafted file, enabling code execution within the context of an unprivileged process. The vulnerability is rated as High severity (CVSS 7.8) [1].

Exploitation

An attacker requires the ability to deliver a specially crafted file to the target device. No further authentication or elevated privileges are necessary to trigger the vulnerability once the file is processed by System UI. The exact sequence of steps for exploitation has not been publicly detailed beyond the requirement of a crafted file [1].

Impact

Successful exploitation enables arbitrary code execution, but confined to an unprivileged process. This limits the attacker's access to the security sandbox of that process, preventing direct compromise of the full system or user data at the highest privilege level [1].

Mitigation

Google released a security update in the June 2017 Android Security Bulletin to address this vulnerability. Users should apply the update from their device manufacturer or carrier as soon as possible. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].