Android 4.4.2 patches Nexus smartphone ‘Class 0 SMS’ vulnerability

Remember the Nexus SMS Bug

What was the vulnerability: When a large number of Flash messages (also known as Class 0 SMS) – around 30 – are received on a Nexus smartphone running Android 4.x.x and are not dismissed, the Nexus devices act in unusual ways (shut down or stop responding)

Here is the list of issues that have been fixed as part of Android 4.4.2 (Only open-source portions, Nexus smartphone also include proprietary technology from Google, which is not open-source)

  • Fix OOBE crash/DoS after receiving 0-byte WAP push.
  • Reduce logging of flattened Preferences
  • Android denial of service attack using class 0 SMS messages
  • Put fragment in specific activity’s whitelist

The number three issue relates the SMS vulnerability and it has been fixed. Other smartphone vendors, whose smartphones might have the same vulnerability can also now take the fix from AOSP and patches it on their devices.

Changelog via FunkyAndroid


Post Author: Gaurav Shukla

Gaurav Shukla is the editor of AndroidOS.in. If you'd like to reach him, drop an email at 'gaurav@androidos.in' or connect with him on Twitter (@gauravshukla).

Leave a Reply

Your email address will not be published. Required fields are marked *