Exploiting the flaw requires the attacker to have physical access to an unlocked device, or, the victim can be tricked into installing a malicious application on the device.
Tara Seals
A widespread vulnerability has been discovered that affects Android devices going back a whopping five years. It gives attackers access to victims SMS databases and phone history, and allows them to access the internetall undetected.
The issue affects both flagship and non-flagship devices that use Qualcomm chips and/or Qualcomm code, meaning that hundreds of models are affected and likely millions of gadgets. Mandiants Red Team has confirmed the vulnerability on devices running Lollipop (5.0), KitKat (4.4), and Jellybean MR2 (4.3) and Ice Cream Sandwich MR1 (4.0.3)meaning that its mostly older devices that are affected.
To read the entire article, please click here.
Source: http://www.infosecurity-magazine.com/