CVE-2015-3840

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1

Description The issue allows local users to modify the sent and received statuses of SMS and MMS messages without having the necessary "WRITE SMS" permission. This is due to a flaw in the MessageStatusReceiver service defined in the AndroidManifest.XML file.

Recommendations For Android versions prior to 5.1.1, consider restricting access to the MessageStatusReceiver service until a patch is available. As a temporary workaround, review and limit local user permissions to prevent unauthorized modification of message statuses.