Monthly Archive: June 2021

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5