CVE-2017-0701

Vulnerability

A remote code execution vulnerability exists in the Android System UI component, as identified by Android ID A-36385715. The flaw affects Android versions 7.1.1 and 7.1.2 [1]. Successful exploitation requires a malicious application to be installed on the device, which can then leverage the vulnerability within the System UI process to execute arbitrary code [1].

Exploitation

An attacker must first convince a user to install a crafted application, which possesses no special privileges beyond normal app permissions. Upon installation, the application sends a specially crafted intent or sequence of operations to the System UI component, triggering the vulnerability [1]. No additional user interaction is needed after installation; the exploit occurs entirely within the System UI process [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code within the context of the System UI process, which runs with elevated privileges. This can lead to full compromise of the device's security, including the ability to access sensitive data, modify system settings, and install further malware [1]. The vulnerability is rated High severity with a CVSS v3 base score of 7.8 [1].

Mitigation

Google released a security patch in the July 2017 Android Security Bulletin, addressing this vulnerability. The fix is included in the 2017-07-01 security patch level for affected devices [1]. Users should ensure their devices receive this update from their manufacturer or carrier. No workarounds are available [1].