CM Security found a high-risk vulnerability in Android: Android exploits the vulnerability without having to make phone calls, making any phone calls, including dialing special numbers to execute system commands such as emptying mobile data. CM Security has been updated urgently to prevent Android malware from exploiting the phone permissions vulnerability.
"If a normal Android program needs to make a call, you have to apply for system privileges before installation and users can use the Jinshan Mobile Virus to manage whether applications on the phone can use system privileges." CM Security security experts explained, "Now, due to a Phone Permission Vulnerability Malicious programs can bypass system constraints for malicious purposes. "
Figure 1 Jinshan mobile drug tyrants management Android application system permissions
CM Security Lab Check found that Android Phone Permissions Vulnerability affects most users of Android 4.1, 4.2 and 4.4.2, accounting for 59% of the global Android mobile phone. The actual verification found that the following mainstream Android phones have phone permissions loopholes.
Device version
Galaxy Note 14.4.2
Galaxy Note 24.1.1
Nexus 44.4.2
Nexus 54.4
SAMSUNG GT-I826D4.1.2
SONY c21054.1.2
Harm of Phone Permission Vulnerability
Attackers use Android phone vulnerabilities to bypass the system rights management, you can directly dial the information desk, international calls and other long-distance calls, causing economic losses to users. Malicious programs are also free to interrupt the normal program to make phone calls, causing interference with the use of mobile phones. The most serious is that malicious programs can dial a special number through the phone dial-up to start the phone's built-in management functions, such as instantly restore the phone to the factory state, clear all the phone data.
CM Security Labs has urgently upgraded Clean Master and CM Security to intercept Android malware exploited by phone-privileged vulnerabilities. Users are advised to try to download applications through the relatively reliable Android software market, and do not easily download through informal channels such as chatting tools and forums.
Figure 2 Jinshan mobile phone virus tyrants to intercept phone use permissions Android vulnerability
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.