Three new Android vulnerabilities, one remote

Yesterday on PacketStorm were published advisories for three newly discovered vulnerabilities on Android, in versions prior to Lollipop (5.0): one of these allows to be exploited by remote.

Android Exploits

In Android <5.0 (and maybe >= 4.0), Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party application, bad app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid.

In Android <5.0, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send malformed WAPPush message to launch any activity or service in the victim’s phone

In Android <5.0, an unprivileged app can resend all the SMS stored in the user’s phone to their corresponding recipients or senders (without user interaction).

Published: November 27 2014