CVE-2018-14066

Name of the Vulnerable Software and Affected Versions com.android.provider.telephony (affected versions not specified) Infinix X571 (affected versions not specified) Lenovo phones (such as the A7020) (affected versions not specified)

Description The issue allows SQL injection through the content://wappush content provider in com.android.provider.telephony, found in some custom ROMs for Android phones. This enables an application without the READ SMS permission to read SMS messages.

Recommendations For com.android.provider.telephony, consider restricting access to the content://wappush content provider until a fix is available. For Infinix X571 phones, contact the manufacturer for guidance on resolving the issue. For Lenovo phones (such as the A7020), update to the fixed version provided by Lenovo. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Infinix X571 and com.android.provider.telephony.