Skip to content

Commit 918f677

Browse files
Fuzion24Fuzion24
committed
Update Readme.md
1 parent b278990 commit 918f677

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

Readme.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ A list of current bug checks:
3636
- [CVE-2015-6608](https://groups.google.com/forum/#!topic/android-security-updates/GwZn7sixask)
3737
- [CVE-2015-7414](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1474)
3838
- [CVE-2015-1528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1528)
39+
- [CVE-2015-6616](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6616)
3940

4041
## Previous work
4142
There have been attempts before to solve this issue. [xray.io](http://www.xray.io/) Xray works by actually attempting the exploit which doesn't satisfy our system stability constraint. There also exist other applications which attempt to determine a devices attack surface by simply using a lookup based on Android verison/build information. This causes both false negatives and false positives. Imagine the case where an OEM has back ported a fix to a device, but the check solely relies on an Android device; false positive. The case where an OEM upgrades to an Android version/kernel version which includes patches, but manages to break them causes the case of a false negative.

0 commit comments

Comments
 (0)