Local Attackers Can Install Malicious Apps Due to Improper Verification of Cryptographic Signature Prior to SMR Dec-2024 Release 1
CVE-2024-49413
7.1 HIGH
Summary
The vulnerability arises from improper verification of cryptographic signatures in Samsung's SmartSwitch software. The flaw lets local attackers install malicious applications without proper authentication checks. Devices that have not been updated to SMR Dec-2024 Release 1 remain exposed to unauthorized software installations that could compromise data integrity and security. Organizations and individuals using SmartSwitch should confirm that the latest updates are installed to mitigate potential exploitation.
Affected Version(s)
Samsung Mobile Devices SMR Dec-2024 Release in Android 13, 14
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved