| Title: |
Vulnerability in 360 KouXin (360口信) for Android |
| Time: |
14 Dec 2011 |
| Author: |
Daoyuan Wu*, Xiapu Luo* and Rocky K. C. Chang |
|
Department of Computing, The Hong Kong Polytechnic University, Hong Kong |
|
* authors with equal contributions |
| CVE ID: |
CVE-2011-4772 |
| Category: |
Newly Confirmed
|
| Related Vendor: |
Qihoo 360 Technology Co.,Ltd |
| Archive Time: |
December 14, 2011 PM06:23:19 HKT |
| Package Name: |
com.qihoo360.kouxin |
| Full Name: |
360 KouXin (“360口信” in Chinese name) |
| Affected Version: |
1.5.3 (the latest version in 14 Dec 2011) |
| Package Installs: |
500 - 1,000 |
| Market Link: |
https://market.android.com/details?id=com.qihoo360.kouxin |
| Update Log: |
2.0.0, the latest version in Mar 15 2012 HKT, also has this vulnerability! |
| Status: |
Breif impact description now releases to public.
|
| Breif Description: |
Allow a malicious application to access and manipulate user’s sensitive contacts, sms messages and etc. |
| Contact Time: |
Dec 16, 2011 at 4:10 PM HKT
|
| Confirm Time: |
Dec 16, 2011 at 9:36 PM HKT |
| Patched Time: |
Unknown |
| Patched Status: |
Unknown |
Although we only mention one or several affected version in our report, other versions may also be vulnerable, e.g. lower version, pad version or paid version.