Unity8 Information Exposure Vulnerability Enables Unauthorized MTP Service Activation

Unity8 Information Exposure Vulnerability Enables Unauthorized MTP Service Activation

CVE-2015-7946 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.