CVE-2016-6526

Name of the Vulnerable Software and Affected Versions Samsung Mobile Telecom application (affected versions not specified) Samsung Note device versions 5.0/5.1 and 6.0

Description The issue is related to insufficient access control in the SpamCall Activity component of the Telecom application. It can be exploited by a remote attacker to cause a denial of service, resulting in a crash and reboot, or possibly to gain privileges. This is achieved via a malformed serializable object.

Recommendations For Samsung Note device versions 5.0/5.1 and 6.0, consider restricting access to the SpamCall Activity component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.