Samsung Phones Remote Code Execution Vulnerability

Last Update Date: 18 Jun 2015 18:12 Release Date: 18 Jun 2015 4239 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

A vulnerability was identified in Samsung devices with pre-installed Swiftkey keyboard. A remote, unauthenticated attacker conducting a man-in-the-middle attack may be able to write arbitrary data to vulnerable devices checking for updates.

Impact

  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Samsung devices with pre-installed Swiftkey keyboard

NOTE: SwiftKey has confirmed the SwiftKey Keyboard app available on Google Play and Apple App Store is not affected.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Vendor has provided a firmware update to cell phone carriers for distribution to affected users.
  • If your cell phone carrier has not provided the over-the-air update, consider the following workaround.

Workaround:

  • Avoid using untrusted networks, including public WiFi, to decrease the chance of falling victim to a MITM attack.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability

16 Jun 2015 3952 Views

Next

Drupal Multiple vulnerabilities

19 Jun 2015 3816 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY