Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Intent Abuse in Google Messages for Wear OS for Silent Message Sending
Vulnerability Description
On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user’s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Google Messages 安全漏洞
Vulnerability Description
Google Messages是美国谷歌(Google)公司的一个即时通讯应用。 Google Messages存在安全漏洞,该漏洞源于ACTION_SENDTO意图处理不当,可能导致未经授权的消息发送。
CVSS Information
N/A
Vulnerability Type
N/A