The latest pack of security vulnerabilities may affect mobile phones: 2 of them affect the Java virtual machine (JVM), with the rest being specific to Nokia Series 40 phones, which run J2ME MIDlets.
The new exploits could allow an attacker to run untrusted Java MIDlets, the researchers warn. Successful exploitation of these flaws would open up phones running S40, 3rd edition to a long list of further exploits.
According to researchers, the list includes the following:
- gaining additional privileges for a malicious MIDlet, even manufacturer or mobile carrier level
- running a malicious MIDlet when the phone is first turned on
- accessing files
- sending SMS/MMS
- making phone calls
- reading your contacts
- accessing the SIM card
- eavesdropping using the camera and microphone
The group of researchers that uncovered the flaws claims that several pieces of proof-of-concept (PoC) code are already available. However, they ask for a payment of around $30,000 from those eager to take the first look at their discovery.