Android is prone to an SMS-spoofing vulnerability.
An attacker may exploit this vulnerability to send a victim spoofed SMS content that appears to originate from a trusted user. This allows a remote attacker to carry out phishing attacks. Other attacks may be possible.
Android versions 1.6 (Donut) through 4.1 (Jelly Bean) are vulnerable.

Android is prone to an information-disclosure vulnerability.
This may result in a false sense of security if users wipe their phone data and expect this data to be completely erased from the device.
An attacker with physical access can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.

Open Handset Alliance Android is prone to the following vulnerabilities:
1. A security weakness.
2. A cross-site scripting vulnerability.
3. Multiple cross-domain scripting vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass the same-origin protection and obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.

Open Handset Alliance Android is prone to local privilege-escalation and security-bypass vulnerabilities.
A local attacker can exploit the security-bypass issue to install arbitrary applications on the device without having sufficient privileges.
A local attacker can also exploit the privilege-escalation issue to elevate privileges, leading to a complete compromise of the device.

Open Handset Alliance Android is prone to a security vulnerability that may allow attackers to spoof SSL certificates.
Attackers can exploit this issue to display incorrect SSL certificates. Successful exploits will cause victims to assume that they are viewing a legitimate site.

Open Handset Alliance Android is prone to a privilege-escalation vulnerability.
Successfully exploiting this issue can allow attackers to bypass sandbox protections and perform actions with elevated privileges on less privileged applications.