Security Bypass Vulnerability in Symantec Norton Mobile Security for Android
CVE-2016-6586

3.7LOW

Key Information:

Vendor

Symantec
Status
Norton Mobile Security For Android
Vendor
CVE Published:
8 January 2020

What is CVE-2016-6586?

A security bypass vulnerability in Symantec Norton Mobile Security for Android, prior to version 3.16, allows an attacker to perform a man-in-the-middle attack. This can be achieved through specially crafted JavaScript, enabling an unauthorized user to add arbitrary URLs to the URL whitelist, compromising the integrity of the application and endangering user data and privacy.

Affected Version(s)

Norton Mobile Security for Android before 3.16

References

http://www.securitytracker.com/id/1037225
x_refsource_MISC
http://www.securityfocus.com/bid/93901
x_refsource_MISC
https://support.symantec.com/us/en/article.symsa1384.html
x_refsource_CONFIRM

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-6586 : Security Bypass Vulnerability in Symantec Norton Mobile Security for Android