CVE-2015-3825

Severity Level: High
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:

• OpenSSLX509Certificate deserialization Vulnerability

Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2015-3825

Details or analysis:

This is a privilege escalation and arbitrary code execution vulnerability. The vulnerability is present in an Android framework class “OpenSSLX509Certificate“. An attacker could exploit this vulnerability to give a malicious app with no privileges the ability to become a “super app” and also give control of the affected device.

Reference:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3825
• http://drops.wooyun.org/papers/10235
• https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf