SIK-2016-018
Title:
Local DoS McAfee App
Report ID
SIK-2016-018
Summary:
- Vendor: McAfee (Intel Security)
- Product: Security & Power Booster -free (https://play.google.com/store/apps/details?id=com.wsandroid.suite)
- Affected Version: 4.5.0.601, Platform Build version 5.0.1-1624448
- Severity: low
- Short summary:
An intent sent from any arbitrary application on the device can stop/kill the security app.
Details:
The application contains a Baidu plugin which does not properly handle received intents containing null values. Android versions before Lollipop (version < 5) do not filter null intent values, so if an application sends a broadcast intent with an empty value, the BroadcastReceiver of the McAfee application cannot handle it and crashes.
Example intent generated with the drozer tool:
run app.broadcast.send --action com.baidu.android.pushservice.action.RECEIVE --component com.wsandroid.suite com.mcafee.messaging.baidu.BaiduMessageReceiver
The app crashes completely because of a NullPointerException. The intent has to be sent 3 times to ensure that the app will not restart again.
Responsible Code (Code where crash happens):
Class com.baidu.frontia.api.FrontiaPushMessageReceiver
public final void onReceive(Context context, Intent intent) {
    int i = 0;
    [...]
    } else if (intent.getAction().equals("com.baidu.android.pushservice.action.RECEIVE")
            || intent.getAction().equals(b)) {
        String stringExtra = intent.getStringExtra("method"); // <==== PROBLEM IF NO EXTRA IS SET
        int intExtra = intent.getIntExtra("error_msg", 0);
        Object obj = "";
        if (intent.getByteArrayExtra("content") != null) {
            obj = new String(intent.getByteArrayExtra("content"));
        }
A malicious application can abuse this to crash/deactivate the McAfee application and bypass the protection on the smartphone.
Workaround
–
Suggested Mitigation
Please fix it
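One way a receiver like this can tolerate intents with a missing action or missing extras, shown as an added example that is not the vendor's or Baidu's code. The class name HardenedPushReceiver and the handleMessage helper are hypothetical; the action string and extra keys are taken from the decompiled excerpt above.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

import java.nio.charset.Charset;

// Hypothetical hardened receiver (not the vendor's code). The action string
// and extra keys mirror the decompiled excerpt in this report.
public class HardenedPushReceiver extends BroadcastReceiver {
    private static final String TAG = "HardenedPushReceiver";
    private static final String ACTION_RECEIVE =
            "com.baidu.android.pushservice.action.RECEIVE";

    @Override
    public void onReceive(Context context, Intent intent) {
        // Any app on the device can address an exported receiver, so nothing
        // in the intent may be assumed present or well-formed.
        if (intent == null) {
            return;
        }
        try {
            // Constant-first equals() stays safe when getAction() is null.
            if (!ACTION_RECEIVE.equals(intent.getAction())) {
                return;
            }
            String method = intent.getStringExtra("method");
            if (method == null || method.isEmpty()) {
                Log.w(TAG, "Dropping push intent without 'method' extra");
                return;
            }
            int errorCode = intent.getIntExtra("error_msg", 0);
            byte[] raw = intent.getByteArrayExtra("content");
            String content = (raw != null)
                    ? new String(raw, Charset.forName("UTF-8")) : "";
            handleMessage(context, method, errorCode, content);
        } catch (RuntimeException e) {
            // A malformed intent must not take down the process that hosts
            // the protection features; drop it and keep running.
            Log.w(TAG, "Dropping malformed push intent", e);
        }
    }

    // Hypothetical stand-in for the application's real dispatch logic.
    private void handleMessage(Context context, String method,
                               int errorCode, String content) {
        Log.d(TAG, "method=" + method + " error=" + errorCode
                + " len=" + content.length());
    }
}
```

If only the app's own components need to reach the receiver, declaring it with android:exported="false" or guarding it with a signature-level android:permission in the manifest keeps other apps from delivering intents to it at all.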
Timeline
–