Weak Permissions in Samsung S6 Edge EmailComposer Application

Weak Permissions in Samsung S6 Edge EmailComposer Application

CVE-2015-7889 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.

Learn more about our Cis Benchmark Audit For Google Android.