Mobus Ad Library for Android contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the application searches the SMS database in order to gain administrative information for the Short Message Service Center (SMSC). This will disclose potentially sensitive information to a remote attacker.

The presence of this software means the host system has been compromised through some other exploit/vulnerability. The only way to ensure the software, and any other malicious software (malware), is completely removed is to re-install the operating system.

• Related OSVDB ID: 85304 85305 85306 85307 85308
• News Article: http://arstechnica.com/business/news/2012/03/researchers-find-privacy-and-security-holes-in-android-apps-with-ads.ars
• Other Advisory URL: http://www.csc.ncsu.edu/faculty/jiang/pubs/WISEC12_ADRISK.pdf

• Michael Grace - Department of Computer Science, North Carolina State University
• Wu Zhou - Department of Computer Science, North Carolina State University
• Xuxian Jiang - Department of Computer Science, North Carolina State University
• Ahmad-Reza Sadeghi - Center for Advanced Security Research, Technical University Darmstadt

NVD does not currently have a CVSSv2 score assigned.