Vulnerability Note VU#704828

Lookout Mobile Security contains a denial-of-service vulnerability

Original Release date: 27 Jun 2013 | Last revised: 03 Jul 2013

Overview

Lookout Mobile Security version 8.14.1-7fe5f1, and possibly earlier versions, contains a denial-of-service vulnerability.

Description

Lookout Mobile Security (version 8.14.1-7fe5f1) crashes if an intent is sent to com.lookout.security.ScanTell with no arguments.

Impact

A malicious application installed on the phone may be able to disable the Lookout Mobile Security software.

Solution

Apply an Update

Lookout Mobile Security version 8.17-8a39d3f has been released to address this vulnerability.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
LookoutAffected11 Jun 201327 Jun 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C
Temporal 3.0 E:POC/RL:OF/RC:C
Environmental 2.3 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to china.x.orion for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs: CVE-2013-3579
  • Date Public: 27 Jun 2013
  • Date First Published: 27 Jun 2013
  • Date Last Updated: 03 Jul 2013
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.