Android Multiple Versions Missing Permission Check in MMS Service Leading to Information Disclosure Vulnerability
Vulnerability
A missing permission check in the Android MMS service, present in multiple Android versions, allows file access across user boundaries on the same device. The flaw can result in local information disclosure; exploitation requires no additional execution privileges and no user interaction.
Impact
Exploitation of this vulnerability could lead to unauthorized access to files belonging to another user, causing a breach of privacy and confidentiality.
Reproduction
The vulnerability can be reproduced by sending or downloading MMS messages. The issue arises when the primary user account interacts with the MMS service, potentially allowing the secondary user account to access files without proper authorization.
Remediation
Users can update their devices to the December 2025 security patch level to address this vulnerability.
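To confirm the remediation across a set of devices, the script below classifies each device by its reported security patch level (the ro.build.version.security_patch property). It is an added example, not part of the original advisory. Assumptions: the threshold string 2025-12-01 stands in for the "December 2025" level, since the advisory names only the month, and the sample serials and levels are constructed.

```shell
# Added example: audit Android security patch levels against the advisory's fix.
# ASSUMPTION: the advisory names only "December 2025"; the first day of that
# month is used as the threshold and can be overridden from the environment.
REQUIRED_PATCH_LEVEL="${REQUIRED_PATCH_LEVEL:-2025-12-01}"

# patch_level_status LEVEL -> prints "patched", "vulnerable" or "unknown".
patch_level_status() {
    level=$1
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;   # empty or malformed: never assume patched
    esac
    # YYYY-MM-DD compares correctly as an integer once the dashes are removed.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# audit_inventory: reads "SERIAL PATCH_LEVEL" lines on stdin and prints
# "SERIAL STATUS LEVEL" for every device that is not confirmed patched.
audit_inventory() {
    while read -r serial level rest; do
        [ -n "$serial" ] || continue
        status=$(patch_level_status "$level")
        [ "$status" = patched ] || printf '%s %s %s\n' "$serial" "$status" "${level:-none}"
    done
}

# collect_from_adb: builds the same inventory format from attached devices.
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from consuming the loop's stdin.
        printf '%s %s\n' "$serial" \
            "$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')"
    done
}

# Constructed sample inventory (serials and levels are made up).
SAMPLE_INVENTORY='emulator-5554 2025-12-01
R58M000AAA 2025-11-05
0A1B2C3D4E 2026-01-05
ZX1G000BBB'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

With devices attached, `collect_from_adb | audit_inventory` lists the ones still needing the update; a device that reports no parsable level is flagged as unknown rather than treated as patched.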
