Sony PlayNow Store Arbitrary Package Installation

Product Sony PlayNow Store
Severity High
CVE Reference CVE-2014-2272
Type Sony PlayNow Store Arbitrary Package Installation

MWR have discovered a vulnerability in the Sony PlayNow Store, shipped by default on the Sony Xperia Z mobile phone. Exploiting this vulnerability could allow an attacker to remotely install an arbitrary application to the phone with any permissions.

The advisory can be downloaded here.