Improper Verification of Intent in Bixby Voice by Samsung
CVE-2023-42543

7.5HIGH

Key Information:

Vendor: Samsung
Status: Bixby Voice
Vendor: CVE Published:; 7 November 2023

Summary

The vulnerability in Bixby Voice, prior to version 3.3.35.12, stems from improper verification of intent by the broadcast receiver. This flaw allows attackers to exploit Bixby Voice's privileges, enabling unauthorized access to arbitrary data. Users of affected versions are at risk of sensitive information exposure, highlighting the importance of updating to the latest version to ensure robust security.

Affected Version(s)

Bixby Voice 3.3.35.12

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 11, 2023