SCUMSUNG.vulnerability.cve

Posted inAndroid3 min read

vulnerability 

11-2023/2024

SVE-2023-0774(CVE-2024-20825, CVE-2024-20824, CVE-2024-20823, CVE-2024-20822): Implicit intent hijacking vulnerability in Galaxy Store

Resolved version: 4.5.63.6
Reported on: May 4, 2023
Description: Implicit intent hijacking vulnerability in Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Samsung Gallery

SVE-2023-1781(CVE-2024-20827): Improper access control vulnerability in Samsung Gallery

Description: Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.
The patch prevents menu access by physical keyboard in locked device

Samsung Internet

SVE-2023-2275(CVE-2024-20828): Improper authorization verification vulnerability in Samsung Internet

Description: Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
The patch adds proper authorization verification logic to prevent unauthorized access.

Samsung Email

SVE-2023-0956(CVE-2024-20807): Implicit intent hijacking vulnerability in Samsung Email

Description: Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information.
The patch change the implicit intent to explicit intent.

SVE-2023-1990(CVE-2024-20808): Improper access control vulnerability in Nearby device scanning

SVE-2023-2339(CVE-2024-20841): Improper Handling of Insufficient Privileges in Samsung Account

SVE-2023-2250(CVE-2024-20840): Improper Access Control in Samsung Voice Recorder

SVE-2024-0210(CVE-2024-20852): Improper verification of intent by broadcast receiver vulnerability in SmartThings

SVE-2023-2372(CVE-2024-20851): Improper access control vulnerability in Samsung Data Store

SVE-2023-2086(CVE-2024-20850): Use of Implicit Intent for Sensitive Communication in Samsung Pay

SVE-2023-2191(CVE-2024-20854): Improper handling of insufficient privileges vulnerability in Samsung Camera

SVE-2024-0405(CVE-2024-20853): Improper verification of intent by broadcast receiver vulnerability in ThemeStore

SVE-2024-0210(CVE-2024-20852): Improper verification of intent by broadcast receiver vulnerability in SmartThings

SVE-2023-1416(CVE-2023-42544): Improper access control vulnerability in Quick Share

SVE-2023-1414(CVE-2023-42543): Improper verification of intent by broadcast receiver vulnerability in Bixby Voice

SVE-2023-1287(CVE-2023-42541): Improper authorization in Samsung Push Service

SVE-2023-0668(CVE-2023-42539): PendingIntent hijacking vulnerability in Samsung Health

SVE-2023-1503(CVE-2023-42552): Implicit intent hijacking vulnerability in Firewall application

SVE-2023-1454(CVE-2023-42545): Use of implicit intent for sensitive communication vulnerability in Phone

source:
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02

Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.