Unauthenticated Local Privilege Escalation in Android MessageStatusReceiver Service
CVE-2015-3840 · LOW Severity
AV:L/AC:L/AU:N/C:N/I:P/A:N
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.
Learn more about our Cis Benchmark Audit For Google Android.