Joshua Wright

1 exploit Active since Dec 2014
CVE-2014-8610 WRITEUP WORKING POC
Android < 5.0.0 - Unauthenticated SMS Transmission via Broadcast Intent
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.