Insecure App Component in Samsung J6 Android Devices Exposes Sensitive Functions
CVE-2019-15457

7.8HIGH

Key Information:

Vendor: Samsung
Status: Galaxy J6 Firmware
Vendor: CVE Published:; 14 November 2019

Summary

The Samsung J6 Android device has a vulnerability due to a pre-installed theming application that permits other pre-installed apps to initiate installations via its accessible components. Any app with the requisite system permissions can exploit this vulnerability, potentially leading to unauthorized app installations and compromising device integrity. This flaw underscores the necessity for secure component configurations in pre-installed applications.

References

https://www.kryptowire.com/android-firmware-2019/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Aug 22, 2019