The Android Dialer contains a flaw that is triggered during the handling of certain Unstructured Supplementary Service Data (USSD) codes from a web page that contains a specially crafted 'tel:' URI. This may allow a context-dependent attacker to reset the device back to factory settings.
Android Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the URI ACTION_VIEW Intent action passes arbitrary information to a remote attacker, even in cases where no permissions are required to export information have been granted.
The Android Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user installs a malicious Android application that requires no permissions. Due to a flaw in permission management, the malicious application may be able to scan the device's SD card, fetch the /data/system/packages.list file, and bypass the PHONE_STATE permission. This information can then be sent to a remote server, potentially disclosing sensitive information.
Android contains a flaw that is triggered when the built in factory reset feature fails to properly remove all information from the system, when ran from either the recovery console or inside. This may allow a physically present attacker to gain access to potentially sensitive information from a locked device, by first performing a factory reset and then recovering the information.
The Google Android contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to an unspecified issue, allowing a context-dependent attacker to gain access to the device with root privileges.