Posted by Wang,Tao(Scloud) on Nov 26

INTRODUCTION
==================================
In Android <5.0, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send
malformed WAPPush message to launch any activity or service in the victim’s phone (need permission check)

DETAILS
==================================
When a WAPPush message is received, the raw pdu is processed by dispatchWapPdu method in…