CVE-2015-3858
CVE-2015-3858 affects Android before 5.1.1 LMY48M. The issue is in the checkDestination function of internal/telephony/SMSDispatcher.java, which relies on an obsolete permission name for an authorization check, enabling a crafted app to bypass the user-confirmation requirement for SMS short-code ...