All of the vulnerabilities can be exploited without privilege and, according to Paleari, stem from “Samsung-specific software and customizations.” Paleari said two of the vulnerabilities can be used to silently install highly privileged applications without user interaction while another allows attackers to send SMS messages without permission.
Paleari said he informed Samsung in mid-January shortly after he found the bugs and still hasn’t heard from the South Korean company about a fix. Instead, Paleari writes that Samsung did contact him on Feb. 20 and requested he delay public disclosure, insisting that “any patches [Samsung] develops must first be approved by the network carriers.”
This system is completely broken.
Hi, I'm Weiran Zhang. I work as a Software Engineering Manager at Capital One. I have a passion for iOS and building thriving software teams. This blog is a place for me to document things I've learned and things I find interesting. You should follow me on Twitter.