Description:
Multiple vulnerabilities are found in Android. A remote attacker could send a specially crafted Multimedia Messaging Service (MMS) message to targeted Android devices to exploit the vulnerabilities. It requires no user-interaction to trigger the exploit and leaves users unnoticed.
Affected Systems:
- Any devices running Android version 2.2 or above
Impact:
A successful attack could lead to remote code execution at the Android devices, possibly causing information leakage, data loss and service interruptions.
Recommendation:
- Do not open any received MMS from unknown senders;
- Disable MMS at the Android devices until patches available from the device manufacturers and having been installed;
- To disable MMS, from the Android main screen, go to “Settings” -> “Wireless and Networks” -> “Mobile Network”, tap on the current Access Point Name (APN) and remove the settings for MMSC, MMS proxy and MMS port;
- If it is really necessary to use MMS, stop the auto-retrieve functions of MMS messages in all messaging apps and enable the blocking of unknown senders; and
- Ascertain that the Android devices are updated with the patches once available; Google has provided patches to device manufacturers for their further testing and distribution to their customers’ devices; Contact the device manufacturers for the patch availability and details.
More Information:
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/
https://www.hkcert.org/my_url/en/blog/15072801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3829