CVE-2016-7991

omacp app ignores security fields in OMA CP message

Publish date

August 2016

Identifier

CVE-2016-7991

Manufacturer

Samsung

Product

Android

Patched

http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016

Authors

Tom Court

Description

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7991

 

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider