Improper Input Validation in Galaxy Store by Samsung
CVE-2022-33709

7.8HIGH

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 12 July 2022

Summary

An improper input validation vulnerability exists in the ApexPackageInstaller component of the Galaxy Store. This flaw, which affects versions prior to 4.5.41.8, allows local attackers to execute activities with elevated privileges, potentially leading to unauthorized access and severe security risks within the application. Users are advised to update to the latest version to mitigate this issue.

Affected Version(s)

Galaxy Store < 4.5.41.8

References

https://security.samsungmobile.com/serviceWeb.smsb?year==...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jun 15, 2022