Google Android Dialer TEL URL Handling Vulnerability

Last Update Date: 3 Oct 2012 10:29 Release Date: 3 Oct 2012 5156 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

A vulnerability has been identified in Google Android. A remote user can cause denial of service conditions.

 

A remote user can create a specially crafted 'TEL' protocol URL that, when loaded by the target user, will execute unstructured supplementary service data (USSD) codes on the target user's device and destroy the SIM card on the target user's device.

 

The vulnerability resides in the Android Dialer.

 

Note: On Samsung devices, the impact also includes remote wipe of the device.

Impact

  • Denial of Service

System / Technologies affected

  • Samsung Galaxy SIII
  • Samsung Galaxy SII
  • Samsung Galaxy S Advance
  • Samsung Galaxy Ace
  • HTC One Series
  • HTC Sensation
  • HTC Sensation XL
  • Motorola Droids
  • Sony Ericsson Xperia series

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor silently issued a fix in June 2012.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

HP-UX OpenSSL Denial of Service Vulnerability

28 Sep 2012 4521 Views

Next

Wireshark Multiple Vulnerabilities

4 Oct 2012 4964 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY