CVE-2015-9547

Vulnerability

On Samsung mobile devices running Android Jelly Bean (JBP, version 4.3) and KitKat (KK, version 4.4.2), the READ_LOGS permission is mishandled. When certain error messages occur—specifically "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code"—sensitive information is written to a world-readable copy of the log file. This allows any process on the device to access the logged data.

Exploitation

An attacker with local access to the device, or any application installed on the device, can read the world-readable log file. No special privileges are required beyond the ability to read the log file, which is accessible due to the permission mishandling. The attacker simply needs to trigger or wait for the specific error messages to occur, causing sensitive information to be logged.

Impact

Successful exploitation leads to disclosure of sensitive information that is written to the log file. The exact nature of the information is not specified, but it could include application data, system details, or user credentials. The confidentiality of the device is compromised.

Mitigation

No official patch or fix has been publicly disclosed in the available references. Users are advised to upgrade to a later version of Android that is not affected by this issue, if possible. The vulnerability was reported under Samsung ID SVE-2015-2885 in October 2015.