Android Vulnerability (CVE-2015-3840)
Publish Date: 16 August 2015
CVE Kennungen:: CVE-2015-3840
Hinweisdatum: 12 August 2015
Beschreibung
Trend Micro researchers discovered this Android vulnerability that can modify MMS/SMS when exploited successfully. This bug came from “MessageStatusReceiver” service found in AndroidManifest.XML file. Attackers may exploit this via a malicious application to launch privilege escalation attack to the Android security model to change received status and date of SMS/MMS.
Other possible attack scenarios would be for attackers to leverage this vulnerability to modify the conversation or even have users send messages to a premium number without their knowledge.