The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2015-10-01T00:00:00
Updated: 2024-08-06T05:56:16.309Z
Reserved: 2015-05-12T00:00:00
Link: CVE-2015-3858
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2015-10-01T00:59:27.203
Modified: 2015-10-01T18:07:22.643
Link: CVE-2015-3858
Redhat
No data.