Samsung Galaxy Store Vulnerability Allows Local Access to Sensitive Information
CVE-2024-20825

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 6 February 2024

What is CVE-2024-20825?

An implicit intent hijacking vulnerability has been identified in the IAP (In-App Purchasing) feature of the Samsung Galaxy Store. This vulnerability allows local attackers to exploit implicit intents to gain unauthorized access to sensitive information from affected versions prior to 4.5.63.6. Attackers can potentially leverage this flaw to manipulate application intents, leading to data exposure and security risks for users. It is crucial for users and administrators to ensure that their Galaxy Store applications are updated to the latest version to mitigate the effects of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Galaxy Store 4.5.63.6

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Dec 5, 2023

JSON

Samsung