App Installation Vulnerability in Samsung J7 Pro by Samsung
CVE-2019-15465

7.8HIGH

Key Information:

Vendor: Samsung
Status: Galaxy J7 Pro Firmware
Vendor: CVE Published:; 14 November 2019

Summary

The Samsung J7 Pro is affected by a significant security issue stemming from a pre-installed app known as Theme Center. This vulnerability enables any pre-installed application with the required permissions to perform app installations via an accessible component, compromising user security. Applications that have signatureOrSystem permissions can exploit this flaw and interact with other pre-installed apps that have exposed their functionalities, potentially leading to unauthorized app installations and user data breaches.

References

https://www.kryptowire.com/android-firmware-2019/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Aug 22, 2019