The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data.
References
Link | Resource |
---|---|
http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf | Technical Description Third Party Advisory |
http://www.securityfocus.com/bid/95092 | |
http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf | Technical Description Third Party Advisory |
http://www.securityfocus.com/bid/95092 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf - Technical Description, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/95092 - |
Information
Published : 2016-12-23 16:59
Updated : 2024-11-21 02:57
NVD link : CVE-2016-6910
Mitre link : CVE-2016-6910
CVE.ORG link : CVE-2016-6910
JSON object : View
Products Affected
- android
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor