A pair of Android vulnerabilities in ever version prior to KitKat could give an attacker the ability to make and end phone calls and send USSD codes using a malicious application. Researchers claim they reported the issues to Google and waited several months before publishing their findings late last month. Google has not confirmed to have confirmed this to Threatpost. The vulnerabilities are in all but the newest KitKat iteration of Google s Android operating system. The researchers say they believe these errors were introduced at some point and never removed, and are exploitable.
Source: https://threatpost.com/android-exploited-to-make-and-end-phone-calls-send-ussd-codes/107114/