PatchSiren

CVE-2017-0412 Google CVE debrief

CVE-2017-0412 is a high-severity Android elevation-of-privilege issue in Framework APIs. According to the vendor and NVD record, a local malicious application could execute arbitrary code in the context of a privileged process on affected Android 7.0 and 7.1.1 devices; NVD also lists Android 7.1.0 in the affected CPE set. The issue is mapped to CWE-367 and carries a CVSS 3.0 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Vendor: Google
Product: CVE-2017-0412
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android device owners and fleet operators, mobile security teams, endpoint defenders, and incident responders should care, especially where Android 7.0/7.1.x devices remain in service or allow installation of untrusted apps.

Technical summary

The NVD and Android security bulletin describe an elevation of privilege in Framework APIs that could let a local malicious application run code inside a privileged process. NVD classifies the weakness as CWE-367 and rates the impact as high across confidentiality, integrity, and availability. The record’s affected CPEs include Android 7.0, 7.1.0, and 7.1.1, while the CVE description specifically calls out 7.0 and 7.1.1. The issue is local in nature and requires user interaction per the CVSS vector.

Defensive priority

High

Recommended defensive actions

  • Apply the relevant Android security bulletin fixes to affected devices as soon as available.
  • Prioritize remediation or retirement of Android 7.0/7.1.x devices that remain in production or are allowed to install third-party apps.
  • Review app installation and sideloading controls to reduce exposure to malicious local applications.
  • Monitor affected devices for unusual privilege-related behavior or unexpected execution within system or privileged processes.
  • Use the Android security bulletin and NVD record to validate whether specific device builds are still exposed.
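
One way to run the build-exposure check from the actions above over a device inventory. This is an added example, not code from PatchSiren, NVD, or Google. The record keys (id, release, security_patch) and the sample devices are constructed, and the fix patch level is an assumption taken from the bulletin date quoted on this page, to be confirmed against the bulletin.

```python
from datetime import date
# From this page: the CVE description names 7.0 and 7.1.1; NVD's CPE set adds 7.1.0.
DESCRIPTION_RELEASES = {(7, 0, 0), (7, 1, 1)}
CPE_ONLY_RELEASES = {(7, 1, 0)}
# ASSUMPTION: the fix ships from the patch level matching the bulletin date quoted
# on this page (2017-02-01). Confirm the level in the bulletin before relying on it.
ASSUMED_FIX_LEVEL = date(2017, 2, 1)

def parse_release(text):
    """'7.1' -> (7, 1, 0); None when the string is not dotted-numeric."""
    try:
        parts = [int(p) for p in text.strip().split(".")]
    except (AttributeError, ValueError):
        return None
    return tuple(parts + [0] * (3 - len(parts))) if len(parts) <= 3 else None

def parse_patch_level(text):
    """'2017-01-05' -> date; None when missing or malformed."""
    try:
        return date.fromisoformat(text)
    except (TypeError, ValueError):
        return None

def triage(device):
    """Classify one inventory record; the dict keys are hypothetical field names."""
    release = parse_release(device.get("release"))
    if release is None:
        return "review: release unreadable"
    if release not in DESCRIPTION_RELEASES | CPE_ONLY_RELEASES:
        return "not in affected set"
    level = parse_patch_level(device.get("security_patch"))
    if level is None:
        return "exposed: patch level unknown"  # fail closed on missing data
    if level >= ASSUMED_FIX_LEVEL:
        return "patched (assumed fix level)"
    if release in CPE_ONLY_RELEASES:
        return "exposed: listed in NVD CPE set only"
    return "exposed: named in CVE description"

def needs_action(fleet):
    return [d["id"] for d in fleet if triage(d).startswith(("exposed", "review"))]

# Constructed sample inventory, not real devices.
FLEET = [
    {"id": "tab-01", "release": "7.0", "security_patch": "2017-01-05"},
    {"id": "ph-02", "release": "7.1", "security_patch": "2016-12-01"},
    {"id": "ph-03", "release": "7.1.1", "security_patch": "2017-02-05"},
    {"id": "ph-04", "release": "7.1.1", "security_patch": None},
]
```

Devices on 7.1.0 are reported separately because only the NVD CPE set lists that release, so the two sources can be reconciled per device rather than silently merged.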

Evidence notes

Primary evidence comes from the NVD CVE record and the Android vendor advisory referenced in the source corpus. The CVE description states that a local malicious application could execute arbitrary code within a privileged process. NVD lists CVSS 3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and CWE-367. The source corpus also includes third-party references (SecurityFocus, SecurityTracker) and an Exploit-DB URL; those references are noted but no exploit details are used here.

Official resources

CVE published 2017-02-08T15:59:00.800Z; the referenced Android vendor bulletin is dated 2017-02-01, and the NVD record shows a later modified timestamp of 2026-05-13T00:24:29.033Z.