[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
- From: 醉麻 <mazuishenghuo@xxxxxxxxx>
- Date: Tue, 16 Jul 2013 10:13:43 +0800
Hi list,
I would like to inform you that the details of the vulnerability in
built-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763
and CVE-2013-4764) are now disclosed to public.
In Samsung Galaxy S3/S4, a pre-loaded app, i.e.,
sCloudBackupProvider.apk, is used to provide backup functionality for
the users, and it unintentially exposes several unprotected
components. By exploiting these unprotected components, an
unprivileged app can trigger a so-called “restore” operation to write
SMS messages back to the standard SMS database file (mmssms.db) used
by the system messaging app, i.e., SecMms.apk. As a result, a smishing
attack can effectively create and inject arbitrary (fake) SMS text
messages. Similarly, fake MMS messages and call logs are also
possible. This vulnerability has been disclosed in CVE-2013-4763.
Also, these components can be sequentially triggered in a specific
order to create arbitrary SMS content, inject to system-wide SMS
database, and then trigger the built-in SMS-sending behavior (to
arbitrary destination). This vulnerability has been disclosed in
CVE-2013-4764.
QIHU Inc. discovered these vulnerability and informed Samsung Corp. in
June 10, 2013. Samsung confirmed the vulerability and is now preparing
an OTA update. As a temporary workaround, disable the
sCloudBackupProvider.apk app would help block known attack vectors.
Details of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU
Inc.'s official site:
http://shouji.360.cn/securityReportlist/CVE-2013-4763.html
http://shouji.360.cn/securityReportlist/CVE-2013-4764.html
Regards,
Z.X. from QIHU Inc.