CVE-2014-8610

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.0.0

Description The issue allows attackers to send stored SMS messages and transmit arbitrary new draft SMS messages, or trigger additional per-message charges from a network operator for old messages. This can be achieved via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE SENT action.

Recommendations For Android versions prior to 5.0.0, consider restricting the use of the SmsReceiver receiver until a patch is available. As a temporary workaround, avoid using the com.android.mms.transaction.MESSAGE SENT action in crafted applications to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.