PT-2019-9081 · Suntek+4 · Com.Suntek.Mway.Rcs.App.Service+4
Published 2019-04-25 · Updated 2019-05-02 · CVE-2018-14990
CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Coolpad Defiant version 7.1.1
ZTE ZMAX Pro version 6.0.1
T-Mobile Revvl Plus version 7.1.1
com.suntek.mway.rcs.app.service versions RCS sdk M native 20161008 01 through RCS sdk M native 20170406 01
com.rcs.gsma.na.sdk version RCS SDK 20170804 01
Description
The pre-installed Rich Communication Services (RCS) app on certain devices contains an exported broadcast receiver app component, allowing any co-located app to send text messages with attacker-controlled number and body. This can be done by a zero-permission app, and the app cannot be disabled by the user. Additionally, a separate issue in the app allows a zero-permission app to delete text messages, potentially removing evidence of the sent messages.
Recommendations
For Coolpad Defiant version 7.1.1, consider disabling the com.suntek.mway.rcs.app.test.TestReceiver broadcast receiver app component as a temporary workaround.
For ZTE ZMAX Pro version 6.0.1, restrict access to the com.suntek.mway.rcs.app.service package to minimize the risk of exploitation.
For T-Mobile Revvl Plus version 7.1.1, avoid using the com.rcs.gsma.na.test.TestReceiver broadcast receiver app component until the issue is resolved.
For com.suntek.mway.rcs.app.service versions RCS sdk M native 20161008 01 through RCS sdk M native 20170406 01, and com.rcs.gsma.na.sdk version RCS SDK 20170804 01, at the moment there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Affected Products
Coolpad Defiant
T-Mobile Revvl Plus
Zte Zmax Pro
Com.Rcs.Gsma.Na.Sdk
Com.Suntek.Mway.Rcs.App.Service