[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAGzoL_p5=+bia0u6c=BgmjXYLKio_1o-5BTn97sYGATkrF4arw@mail.gmail.com>
Date: Tue, 16 Jul 2013 10:13:43 +0800
From: 醉麻 <mazuishenghuo@...il.com>
To: bugtraq@...urityfocus.com
Subject: [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of
Samsung Galaxy S3/S4
Hi list,
I would like to inform you that the details of the vulnerability in
built-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763
and CVE-2013-4764) are now disclosed to public.
In Samsung Galaxy S3/S4, a pre-loaded app, i.e.,
sCloudBackupProvider.apk, is used to provide backup functionality for
the users, and it unintentially exposes several unprotected
components. By exploiting these unprotected components, an
unprivileged app can trigger a so-called “restore” operation to write
SMS messages back to the standard SMS database file (mmssms.db) used
by the system messaging app, i.e., SecMms.apk. As a result, a smishing
attack can effectively create and inject arbitrary (fake) SMS text
messages. Similarly, fake MMS messages and call logs are also
possible. This vulnerability has been disclosed in CVE-2013-4763.
Also, these components can be sequentially triggered in a specific
order to create arbitrary SMS content, inject to system-wide SMS
database, and then trigger the built-in SMS-sending behavior (to
arbitrary destination). This vulnerability has been disclosed in
CVE-2013-4764.
QIHU Inc. discovered these vulnerability and informed Samsung Corp. in
June 10, 2013. Samsung confirmed the vulerability and is now preparing
an OTA update. As a temporary workaround, disable the
sCloudBackupProvider.apk app would help block known attack vectors.
Details of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU
Inc.'s official site:
http://shouji.360.cn/securityReportlist/CVE-2013-4763.html
http://shouji.360.cn/securityReportlist/CVE-2013-4764.html
Regards,
Z.X. from QIHU Inc.
Powered by blists - more mailing lists