Android 4.4.2 patches Nexus smartphone 'Class 0 SMS' vulnerability
Remember the recent reports that talked about an SMS vulnerability in Nexus smartphone, well it has been patched thanks to the recent Android 4.2.2 update.
What was the vulnerability: When a large number of Flash messages (also known as Class 0 SMS) – around 30 – are received on a Nexus smartphone running Android 4.x.x and are not dismissed, the Nexus devices act in unusual ways (shut down or stop responding)
Here is the list of issues that have been fixed as part of Android 4.4.2 (Only open-source portions, Nexus smartphone also include proprietary technology from Google, which is not open-source)
- Fix OOBE crash/DoS after receiving 0-byte WAP push.
- Reduce logging of flattened Preferences
- Android denial of service attack using class 0 SMS messages
- Put fragment in specific activity’s whitelist
The number three issue relates the SMS vulnerability and it has been fixed. Other smartphone vendors, whose smartphones might have the same vulnerability can also now take the fix from AOSP and patches it on their devices.