Unauthenticated Local Privilege Escalation in Android MessageStatusReceiver Service

Unauthenticated Local Privilege Escalation in Android MessageStatusReceiver Service

CVE-2015-3840 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

Learn more about our Cis Benchmark Audit For Google Android.