Android Applications Updates
SVE-2023-0472(CVE-2024-20829): Missing proper interaction for opening deeplink in Samsung Internet
Severity: High
Resolved version: v24.0.0.0
Reported on: March 23, 2023
Description: Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.
The patch adds a proper user interaction.
Acknowledgement: Sazzad Mahmud Tomal
SVE-2023-0978(CVE-2024-20837): Improper handling of granting permission in Samsung Internet
Severity: Moderate
Resolved version: v24.0.0.41
Reported on: June 5, 2023
Description: Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
The patch adds proper logic to prevent user interaction bypass.
Acknowledgement: Zak Brighton Knight
SVE-2023-2070(CVE-2024-20838): Improper validation vulnerability in Samsung Internet
Severity: High
Resolved version: 24.0.3.2
Reported on: November 15, 2023
Description: Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
The patch adds proper validation to prevent unauthorized access.
Acknowledgement: blunt
SVE-2023-2249(CVE-2024-20839): Improper access control in Samsung Voice Recorder
Severity: Moderate
Resolved version: 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14
Reported on: December 9, 2023
Description: Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.
The patch adds proper access control in Samsung Voice Recorder.
Acknowledgement: Elias Schröder
SVE-2023-2250(CVE-2024-20840): Improper Access Control in Samsung Voice Recorder
Severity: Moderate
Resolved version: 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14
Reported on: December 9, 2023
Description: Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using a hardware keyboard to use VoiceRecorder on the lock screen.
The patch adds proper access control in Samsung Voice Recorder.
Acknowledgement: Elias Schröder
SVE-2023-2339(CVE-2024-20841): Improper Handling of Insufficient Privileges in Samsung Account
Severity: Moderate
Resolved version: 14.8.00.3
Reported on: December 20, 2023
Description: Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
The patch adds proper permission to prevent unauthorized access.
Acknowledgement: Dawuge