What is the severity of CVE-2016-3883?

CVE-2016-3883 is rated as a moderate severity vulnerability due to the potential for attackers to spoof premium SMS confirmations.

How do I fix CVE-2016-3883?

To fix CVE-2016-3883, update your Android device to the latest security patch or version where this issue has been addressed.

What versions of Android are affected by CVE-2016-3883?

CVE-2016-3883 affects Android versions prior to 4.4.4, 5.0.2, 5.1.1, and various versions of 6.x and 7.0 before September 1, 2016.

What type of attack is possible with CVE-2016-3883?

CVE-2016-3883 allows attackers to spoof the confirmation messages for premium SMS transactions, potentially leading to unauthorized charges.

Is there a workaround for CVE-2016-3883 if I cannot update my device?

There are no effective workarounds for CVE-2016-3883; it is recommended to update the affected device as soon as possible.

Vulnerability/
CVE-2016-3883

medium

5.5

CWE

284

11/9/2016

6/8/2024

CVE-2016-3883

First published: Sun Sep 11 2016(Updated: )

internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603.

Credit: security@android.com

Affected Software	Affected Version	How to fix
Android	=4.0
Android	=4.0.1
Android	=4.0.2
Android	=4.0.3
Android	=4.0.4
Android	=4.1
Android	=4.1.2
Android	=4.2
Android	=4.2.1
Android	=4.2.2
Android	=4.3
Android	=4.3.1
Android	=4.4
Android	=4.4.1
Android	=4.4.2
Android	=4.4.3
Android	=5.0
Android	=5.0.1
Android	=5.1
Android	=5.1.0
Android	=6.0
Android	=6.0.1
Android	=7.0

Remedy

https://android.googlesource.com/platform/frameworks/opt/telephony/+/b2c89e6f8962dc7aff88cb38aa3ee67d751edda9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3883?
CVE-2016-3883 is rated as a moderate severity vulnerability due to the potential for attackers to spoof premium SMS confirmations.
How do I fix CVE-2016-3883?
To fix CVE-2016-3883, update your Android device to the latest security patch or version where this issue has been addressed.
What versions of Android are affected by CVE-2016-3883?
CVE-2016-3883 affects Android versions prior to 4.4.4, 5.0.2, 5.1.1, and various versions of 6.x and 7.0 before September 1, 2016.
What type of attack is possible with CVE-2016-3883?
CVE-2016-3883 allows attackers to spoof the confirmation messages for premium SMS transactions, potentially leading to unauthorized charges.
Is there a workaround for CVE-2016-3883 if I cannot update my device?
There are no effective workarounds for CVE-2016-3883; it is recommended to update the affected device as soon as possible.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/remedy
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/google
canonical/android
version/android/4.0
version/android/4.0.1
version/android/4.0.2
version/android/4.0.3
version/android/4.0.4
version/android/4.1
version/android/4.1.2
version/android/4.2
version/android/4.2.1
version/android/4.2.2
version/android/4.3
version/android/4.3.1
version/android/4.4
version/android/4.4.1
version/android/4.4.2
version/android/4.4.3
version/android/5.0
version/android/5.0.1
version/android/5.1
version/android/5.1.0
version/android/6.0
version/android/6.0.1
version/android/7.0