Incorrect authorization in Samsung Internet - CVE-2022-39873

 

Incorrect authorization in Samsung Internet - CVE-2022-39873

Published: October 14, 2022


Vulnerability identifier: #VU68334
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-39873
CWE-ID: CWE-863
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Samsung
Affected software:
Samsung Internet

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to unprotected receiver in AtBroadcastReceiver. An attacker with physical access can add bookmarks in secret mode without user authentication.


How to mitigate CVE-2022-39873

Install updates from vendor's website.

Sources