Incorrect authorization in Samsung Internet
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-39873 |
| CWE-ID | CWE-863 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Samsung Internet Mobile applications / Apps for mobile phones |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Incorrect authorization
EUVDB-ID: #VU68334
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39873
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to unprotected receiver in AtBroadcastReceiver. An attacker with physical access can add bookmarks in secret mode without user authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSamsung Internet: before 18.0.4.14
External linkshttp://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
