#VU68334 Incorrect authorization in Samsung Internet - CVE-2022-39873


Vulnerability identifier: #VU68334

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39873

CWE-ID: CWE-863

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Samsung Internet
Mobile applications / Apps for mobile phones

Vendor: Samsung

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to an unprotected receiver in AtBroadcastReceiver. An attacker with physical access can add bookmarks in secret mode without user authentication.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Samsung Internet: before 18.0.4.14


External links
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

