Malicious Email Used To Crash Google Gmail App In Android

A new vulnerability has recently been discovered in Google's popular stock Android Email app. An attacker can crash the application simply by sending a malicious email.

Hector Marco, a Spanish security researcher, successfully exploited the vulnerability on his Samsung Galaxy S4 Mini running version of the stock Android Email app. The flaw appears to affect all older versions of the stock Android Email app, though devices running and newer versions are not affected. When the user receives the malicious email and tries to view it, the email app crashes, he added.

The flaw (CVE-2015-1574) is due to incorrect handling of the Content-Disposition header. Hackers could exploit the vulnerability by sending an email with a malformed Content-Disposition header to the targeted user in order to crash the email application.

The bug appears because of incorrect handling of the Content-Disposition header: a malformed Content-Disposition header causes the crash. The malformed header which produces the crash is:

The straightforward way to fix this issue is by updating the Android email application to or higher. Unfortunately, this is not possible in all cases. Non-official Android ROMs or manual updates are possible, but in some cases they require root privileges on your device, which in most cases causes a loss of warranty of the device. Another way is by disabling the internet connection (Airplane mode) before launching the email reader, and then you can remove the offending email, says Hector in his blog post.
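A receiving-side check for the header problem described above, as an added example (not code from the Android Email app or from the researcher's advisory): a strict parser that returns `None` instead of raising on a malformed Content-Disposition value, plus a scan that a mail gateway could run to flag such parts. The function names and the sample message are assumptions constructed for illustration, and the malformed values are generic ones, not the header from the advisory.

```python
import re
from email import message_from_string
# RFC 2045 token and quoted-string: the only legal forms for type, names and values.
TOKEN = r"[!#$%&'*+\-.0-9A-Z^_`a-z{|}~]+"
QUOTED = r'"(?:[^"\\\r\n]|\\.)*"'
TYPE = re.compile(r"\s*(" + TOKEN + r")\s*")
PARAM = re.compile(r";\s*(" + TOKEN + r")\s*=\s*(" + TOKEN + "|" + QUOTED + r")\s*")

def parse_disposition(value):
    """Return (type, params) for a well-formed header value, else None. Never raises."""
    m = TYPE.match(value) if isinstance(value, str) else None
    if m is None:
        return None  # empty value or no disposition type
    dtype, pos, params = m.group(1).lower(), m.end(), {}
    while pos < len(value):
        m = PARAM.match(value, pos)
        if m is None:
            return None  # leftover text that is not ";name=value"
        name, val = m.groups()
        if val.startswith('"'):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])  # strip quotes, unescape
        params[name.lower()] = val
        pos = m.end()
    return dtype, params

def malformed_parts(raw_message):
    """List (part index, header value) for every MIME part whose header fails to parse."""
    bad = []
    for i, part in enumerate(message_from_string(raw_message).walk()):
        for raw in part.get_all("Content-Disposition", []):
            if parse_disposition(str(raw)) is None:
                bad.append((i, str(raw)))
    return bad

# Constructed sample message (hypothetical): one valid part and two malformed ones.
SAMPLE = """\
Content-Type: multipart/mixed; boundary=b1

--b1
Content-Disposition: attachment; filename="report.pdf"

--b1
Content-Disposition: attachment; filename

--b1
Content-Disposition: inline; filename="a.txt

--b1--
"""
```

The parser is deliberately strict, so a gateway using it should expect to flag some sloppy but harmless mail (for example a trailing `;`) and should quarantine or rewrite the header rather than drop the message outright.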
