Apple

Notified:  August 31, 2015 Updated: September 25, 2015

Statement Date:   September 24, 2015

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Apple does not believe iOS's permissions model is affected.

AT&T

Notified:  May 21, 2015 Updated: October 19, 2015

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The researchers strongly suspect AT&T to be vulnerable but have not currently conducted full tests.

Google

Updated:  August 19, 2015

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

According to the reporter, Google is tracking this issue as it allows bypassing CALL_PHONE permissions in Android.

T-Mobile

Notified:  May 21, 2015 Updated: October 16, 2015

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The researchers identified T-Mobile as not utilizing session management, potentially opening up the network to denial of service and peer-to-peer direct communications.

Verizon

Notified:  May 21, 2015 Updated: October 19, 2015

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The researchers identified Verizon as not utilizing session management, potentially opening up the network to denial of service and peer-to-peer direct communications. The researchers also identified that the Verizon network may be vulnerable to direct communications through the gateway, possibly allowing call spoofing.