Project Zero researcher Mark Brand found a directory traversal bug in the device's WifiHs20UtilityService.
The service scans for a zip file at /sdcard/Download/cred.zip and unzips it.
This type of attack, otherwise known as a drive-by download, is commonly employed against desktop browsers.
The researchers used a Verizon Samsung Galaxy S6 Edge, model No. SM-G925V, to test the attack.
Samsung has addressed the WifiHs20UtilityService bug in the S6 Edge through an update of SELinux.
But Google researchers said that other Samsung gear models may also be running WifiHs20UtilityService.
Details of the remaining bugs can be found on Project Zero's blog and its database of closed flaws.
source: www.techworm.net