Malicious Email Used To Crash Google Gmail App In Android

A new vulnerability in the popular Google’s Stock Android Email App has been discovered recently.This vulnerability could crash your smartphone application just by sending a malicious email.

Hector Marco,a Spain security researcher successfully exploited the vulnerability on his Samsung Galaxy S4 Mini running version 4.2.2.0200 of Stock Android Email App. The flaw appears to affect all older versions of Stock Android Email App, though devices running 4.2.2.0400 and newer versions are not affected.When the user receives the malicious email and tries to view it, the email app crashes,he added.

The flaw (CVE-2015-1574) is due to incorrect handling of the Content-Disposition header. Hackers could exploit the vulnerability by sending an email with a malformed Content-Disposition header to the targeted user in order to cause email application crash.

The bug appears because an incorrect handling of the Content-Disposition header. An incorrect Content-Disposition header causes the crash. The malformed header which produces the crash is:

The straightforward way to fix this issue is by updating the email Android application to 4.2.2.0400 or higher. Unfortunately this is not possible in all cases. Non-official Android ROMs or manually updates are possible but in some cases require root privileges in your device which in most cases causes a loss of warranty of the device.Another way is by disabling the internet connection (Airplane mode) before launching the email reader, and then you can remove the offending email,says Hector in his blog post.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients