The Android Dialer contains a flaw that is triggered during the handling of certain Unstructured Supplementary Service Data (USSD) codes from a web page that contains a specially crafted 'tel:' URI. This may allow a context-dependent attacker to reset the device back to factory settings.
The Android Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the URI ACTION_VIEW Intent action passes arbitrary information to a remote attacker, even in cases where none of the permissions required to export information have been granted.
The Android Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user installs a malicious Android application that requires no permissions. Due to a flaw in permission management, the malicious application may be able to scan the device's SD card, fetch the /data/system/packages.list file, and bypass the PHONE_STATE permission. This information can then be sent to a remote server, potentially disclosing sensitive information.
Android is prone to multiple security vulnerabilities including:
1. Multiple security-bypass vulnerabilities
2. Multiple information-disclosure vulnerabilities
3. A file-overwrite vulnerability
Successful exploits allow an attacker to gain access to sensitive information, bypass certain security restrictions, or overwrite arbitrary files. Other attacks are also possible.
Android is prone to an SMS-spoofing vulnerability.
An attacker may exploit this vulnerability to send spoofed SMS contents to a victim that seem to originate from a trusted user. This allows a remote attacker to carry out phishing attacks. Other attacks may be possible.
Android versions 1.6 (Donut) through 4.1 (Jelly Bean) are vulnerable.