PROBLEM:
Google Android Dialer TEL URL Handling Flaw Lets Remote Users Deny Service
PLATFORM:
Android Version: 2.3.x (potentially earlier versions before 2.3.x too), 3.x (Honeycomb), 4.0.x Ice Cream Sandwitch, 4.1.x Jelly Bean
Devices affected include: Samsung Galaxy SIII, SII, S Advance, Ace, and possibly others; HTC One Series, Sensation, Sensation XL, and possibly others; Motorola Droids, and Sony Ericsson Xperia series
ABSTRACT:
A vulnerability was reported in Google Android
reference LINKS:
USSD/Android-Dailer-vulnerability
SecurityTracker Alert ID: 1027587
IMPACT ASSESSMENT:
Medium
Discussion:
A remote user can create a specially crafted 'TEL' protocol URL that, when loaded by the target user, will execute unstructured supplementary service data (USSD) codes on the target user's device and destroy the SIM card on the target user's device.
Impact:
A remote user can destroy the SIM card on the target user's device.
Solution:
Update your device. The vendor silently issued a fix in June 2012.