Cathal Mcdaid

**Name of the Vulnerable Software and Affected Versions** Motorola devices (affected versions not specified) **Description** The issue allows remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message. This is related to the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SIMalliance Toolbox Browser (aka S@T Browser) versions not specified **Description** The issue is related to insecure privilege management in the SIMalliance Toolbox Browser on certain Samsung devices. This could allow a remote attacker to disclose protected information, extract location and IMEI information, or execute specific commands using SIM Toolkit (STK) instructions in an SMS message. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.