31 matches found
EUVD-2016-8839
Malware in sbrugna...
EUVD-2016-8837
Malware in sbrugna...
EUVD-2009-0400
Malware in sbrugna...
New FinSpy iOS and Android implants revealed ITW
Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...
Samsung Galaxy S7 Edge: Overflow in OMACP WbXml String Extension Processing(CVE-2018-10751)
OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning information in WbXML. A malformed OMACP WAP push message can cause memory...
CVE-2018-10751
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463...
CVE-2018-10751
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning information in WbXML. A malformed OMACP WAP push message can cause memory...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning...
CVE-2016-7991
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542...
CVE-2016-7991
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542...
CVE-2016-7990
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages within WAP Push SMS messages leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542...
CVE-2016-7989
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually...
Design/Logic Flaw
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually...
Design/Logic Flaw
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542...
CVE-2016-7991
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542...
CVE-2016-7991
The CVE affects Samsung Galaxy S4 through S7 devices where the omacp app ignores security information embedded in OMACP messages. This allows remote unsolicited WAP Push SMS messages to be accepted, parsed, and acted upon, leading to unauthorized configuration changes. Root cause is the omacp han...
CVE-2009-2999
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service application restart and network disconnection via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to...
Design/Logic Flaw
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service application restart and network disconnection via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to...
CVE-2009-2999
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service application restart and network disconnection via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to...