VULNERABILITIES / FIXES - October 11, 2012
by Carol~ - 10/11/12 8:20 AM
Samsung Galaxy S III Two Vulnerabilities
Release Date : 2012-10-11
Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Unpatched
Operating System : Samsung Galaxy S III
MWR InfoSecurity has reported two vulnerabilities in Samsung Galaxy S III, which can be exploited by malicious people to compromise a vulnerable device.
1) An unspecified error within the document viewer when handling certain files can be exploited to corrupt memory.
2) An unspecified error can be exploited to bypass the application sandbox and execute arbitrary code with root permissions.
Successful exploitation of this vulnerability requires that a malicious application is installed.
The vulnerabilities are reported in Samsung Galaxy S III running Android version 4.0.4. Other Android versions may also be affected.
No official solution is currently available.
Provided and/or discovered by:
Tyrone Erasmus, Jon Butler, Jacques Louw, and Nils, MWR InfoSecurity.