What was the vulnerability: When a large number of Flash messages (also known as Class 0 SMS) – around 30 – are received on a Nexus smartphone running Android 4.x.x and are not dismissed, the Nexus devices act in unusual ways (shut down or stop responding)
Here is the list of issues that have been fixed as part of Android 4.4.2 (Only open-source portions, Nexus smartphone also include proprietary technology from Google, which is not open-source)
- Fix OOBE crash/DoS after receiving 0-byte WAP push.
- Reduce logging of flattened Preferences
- Android denial of service attack using class 0 SMS messages
- Put fragment in specific activity’s whitelist
The number three issue relates the SMS vulnerability and it has been fixed. Other smartphone vendors, whose smartphones might have the same vulnerability can also now take the fix from AOSP and patches it on their devices.
