Vulnerabilities

CVE-2018-14066

by Fred · 15/07/2018

The content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

Date published : 2018-07-15

Lenovo & Infinix SQL Injection to Mobile SMS Leakage

Similar

Tags: Cybersecurity Alert