3 matches found
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitatio...
Code injection
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitatio...
CVE-2015-4640
The CVE-2015-4640 entry relates to Samsung Galaxy S4/S4 Mini/S5/S6 devices where the SwiftKey language-pack updater uses HTTP to contact skslm.swiftkey.net. This enables man-in-the-middle attackers to modify HTTP responses and write to language-pack files. Connected documents corroborate this vul...