Security Advisory | Wifi information acquisition vulnerability in Framework Services

Original release date: 2022-03-28

CVE ID

CVE-2020-12492

CVSS 3.1 Base Score

4.0 Medium （AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N）

Description

Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.

Software Versions and Fixes

Software Affected Version Fixed Version
Framework service Versions earlier than Android 11 The vulnerability is fixed in all releases after 2022.2.24

Temporary Fix

Obtaining Fixed Software

Devices that support automatic updates receive a system update prompt, and users complete the fix for the vulnerability by performing a system update.

Source

Qing Zhang and Kailong Wang from Nus

Update Records

2022-03-28 V1.0 INITIAL

FAQs

vivo Security Procedures

vivo is committed to offering users with secure products and services, and follows the best practices in the industry to handle and disclose security vulnerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.