| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Sep 2014 06:56:54 GMT From: vuln@...c.org.cn To: bugtraq@...urityfocus.com Subject: MIUI Torch Open Vulnerability MIUI Torch Open Vulnerability I. Summary com.android.systemui is the corresponding package of MiuiSystemUI.apk, a MIUI system application that manages user interface and other functions. When started by NFC tag, the torch in NFC mobile phone will be open automatically. ----------------------------------------------------------------- II. Description construct a message as follow: D4 0F 14 61 6E 64 72 6F 69 64 2E 63 6F 6D 3A 70 6B 67 63 6F 6D 2E 61 6E 64 72 6F 69 64 2E 73 79 73 74 65 6D 75 69 Then write the message to NFC tag. Touch the NFC tag with Samsung GT-I9300(installed with MIUI 5.30, an Android ROM), the torch will be turned on automatically. ------------------------------------------------------------------ III. Impact This bug cause the torch of MIUI turned on automatically ------------------------------------------------------------------ IV. Affected MIUI 4.1.17/5.30 other versions we don't test. ------------------------------------------------------------------ V. Solution
Powered by blists - more mailing lists