近日,三星手机公司发布了2016年11月份的安全公告[1],对MS509团队发现的一中危漏洞予以致谢。
漏洞详情如下:
SVE-2016-7044: system_server crash, DoS (AntService)
Severity: Medium
Affected versions: KK(4.4), L(5.0/5.1), M(6.0)
Reported on: September 6, 2016
Disclosure status: Privately disclosed.
The system services “AntService” doesn’t have proper access control and exception handling. And it allows attackers to use system API of “AntService” and cause rebooting of device by force-crashing the service.
The patch restricts unauthorized access to the “AntService” and filters out improper cases which may cause crash。
[1] http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016