Incorrect authorization in Samsung Internet - CVE-2022-39873
Published: October 14, 2022
Vulnerability identifier: #VU68334
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-39873
CWE-ID: CWE-863
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
Samsung Internet
Samsung Internet
Detailed vulnerability description
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to unprotected receiver in AtBroadcastReceiver. An attacker with physical access can add bookmarks in secret mode without user authentication.
How to mitigate CVE-2022-39873
Install updates from vendor's website.