CVE-2019-6742

10CRITICAL

Key Information:

Vendor: Samsung
Status: Galaxy S9
Vendor: CVE Published:; 3 June 2019

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

Affected Version(s)

Galaxy S9 prior to 1.4.20.2

References

https://www.zerodayinitiative.com/advisories/ZDI-19-255/

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 3, 2019
Vulnerability Reserved
Jan 24, 2019

Credit

MWR Labs - Georgi Geshev and Robert Miller