Remote Code Execution in Samsung Galaxy Apps due to Hostname Modification Vulnerability
CVE-2018-20135

8.1 HIGH

Key Information:

Vendor: Samsung
CVE Published: 7 June 2019

Summary

Samsung Galaxy Apps prior to version 4.4.01.7 is vulnerable to hostname modification during application installation. Through a man-in-the-middle attack, an attacker can trick the app into using an arbitrary hostname for which the attacker can provide a valid SSL certificate. This allows the attacker to emulate the app store's API and modify applications at installation time. The flaw lies in an HTTP method that retrieves the load-balanced hostname: SSL validation is enforced only after the hostname has been obtained. In addition, app signatures are not validated in the application XML, which increases the risk and can lead to remote code execution on the device.
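
The two checks whose absence the summary describes, sketched as an added defensive example (this is not Samsung's code or its fix): a hostname learned over an unauthenticated channel is accepted only if it falls under a domain pinned in the client, and a package is installed only if its signing certificate matches a pinned digest. The domain suffix, the pinned digest, the sample certificate bytes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

# Assumed values, constructed for this example; not from the Galaxy Apps code base.
ALLOWED_SUFFIX = ".store.example"   # hypothetical vendor-controlled domain
PINNED_SIGNER_SHA256 = hashlib.sha256(b"constructed-signing-cert").hexdigest()

# Plain ASCII DNS name with at least two labels; rejects paths, ports, userinfo.
_HOST_RE = re.compile(r"[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})+")


def trusted_store_host(discovered: str) -> Optional[str]:
    """Return the normalised hostname if it sits under the pinned domain, else None.

    A valid TLS certificate for the discovered name proves nothing by itself:
    anyone can obtain one for a domain they control. The name has to be
    constrained before the TLS connection is made.
    """
    host = discovered.lower()
    if host.endswith("."):          # tolerate a fully qualified trailing dot
        host = host[:-1]
    if not _HOST_RE.fullmatch(host):
        return None
    # The leading dot in the suffix stops "evilstore.example" from matching.
    return host if host.endswith(ALLOWED_SUFFIX) else None


def package_signer_ok(signer_cert_der: bytes) -> bool:
    """Compare the package's signing certificate against the client-side pin."""
    digest = hashlib.sha256(signer_cert_der).hexdigest()
    return hmac.compare_digest(digest, PINNED_SIGNER_SHA256)


def may_install(discovered_host: str, signer_cert_der: bytes) -> bool:
    """Both checks must pass; metadata served by the API is never trusted alone."""
    return (trusted_store_host(discovered_host) is not None
            and package_signer_ok(signer_cert_der))


if __name__ == "__main__":
    # Constructed inputs: a legitimate node, then two look-alike names.
    for name in ("cdn.store.example", "cdn.store.example.attacker.test",
                 "evilstore.example"):
        print(name, "->", trusted_store_host(name))
```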

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
