PT-2017-6698 · Google · Android

Published

2017-06-27

Updated

2017-07-05

CVE-2015-3840

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1

Description The issue allows local users to modify the sent and received statuses of SMS and MMS messages without having the necessary "WRITE SMS" permission. This is due to a flaw in the MessageStatusReceiver service defined in the AndroidManifest.XML file.

Recommendations For Android versions prior to 5.1.1, consider restricting access to the MessageStatusReceiver service until a patch is available. As a temporary workaround, review and limit local user permissions to prevent unauthorized modification of message statuses.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2015-3840

Affected Products

Android

PT-2017-6698 · Google · Android

CVE-2015-3840

Weakness Enumeration

Related Identifiers

Affected Products

References · 4