Design/Logic Flaw

2021-06-1115:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

CPENameOperatorVersion
androideq9.0
androideq10.0
androideq11.0

Name	Operator	Version
android	eq	9.0
android	eq	10.0
android	eq	11.0

References

blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/

security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6