Samsung Galaxy Store Vulnerability Allows Local Access to Sensitive Information
CVE-2024-20825

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 6 February 2024

Summary

An implicit intent hijacking vulnerability has been identified in the IAP (In-App Purchasing) feature of the Samsung Galaxy Store. This vulnerability allows local attackers to exploit implicit intents to gain unauthorized access to sensitive information from affected versions prior to 4.5.63.6. Attackers can potentially leverage this flaw to manipulate application intents, leading to data exposure and security risks for users. It is crucial for users and administrators to ensure that their Galaxy Store applications are updated to the latest version to mitigate the effects of this vulnerability.

Affected Version(s)

Galaxy Store 4.5.63.6

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Dec 5, 2023