CVE-2016-6910 in Galaxy S6 Edgeinfo

Summary

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

08/22/2016

Disclosure

12/23/2016

Moderation

VulDB entry created

Entries

VDB-94663 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

4.9

EPSS

0.00088

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6910
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6910
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6910/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!