CVE-2016-7989

Name of the Vulnerable Software and Affected Versions Samsung Galaxy S series versions S4 through S7

Description A malformed OTA WAP PUSH SMS containing an OMACP message can cause an unhandled ArrayIndexOutOfBoundsException in the WifiServiceImpl class within wifi-service.jar, leading to the Android runtime continually crashing and rendering the device unusable until a factory reset is performed.

Recommendations For Samsung Galaxy S4 through S7 devices, as a temporary workaround, consider disabling the WifiServiceImpl class until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.