Security Updates

We truly appreciate the following security researchers for helping us improve the security of our mobile applications, wearable devices and personal computers. We would like to thank them for disclosing the vulnerability reports responsibly and working with us throughout the process.

Please note that while we are doing our best to release the security patches as soon as possible to all applicable devices and services, the release time of security patches may vary depending on the device version and model or the service version.


Android Applications Updates

SVE-2023-2086(CVE-2024-20850): Use of Implicit Intent for Sensitive Communication in Samsung Pay

Severity: Moderate
Resolved version: 5.4.99
Reported on: November 17, 2023
Description: Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay.
The patch adds proper access control.
Acknowledgement: Illia Khorolskyi


SVE-2023-2372(CVE-2024-20851): Improper access control vulnerability in Samsung Data Store

Severity: Moderate
Resolved version: 5.3.00.4
Reported on: December 23, 2023
Description: Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.
The patch removes unused code.
Acknowledgement: hackhackdump


SVE-2024-0210(CVE-2024-20852): Improper verification of intent by broadcast receiver vulnerability in SmartThings

Severity: Moderate
Resolved version: 1.8.13.22
Reported on: January 24, 2024
Description: Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration.
The patch adds proper access control.
Acknowledgement: balance


SVE-2024-0405(CVE-2024-20853): Improper verification of intent by broadcast receiver vulnerability in ThemeStore

Severity: Moderate
Resolved version: 5.3.05.2
Reported on: February 19, 2024
Description: Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to version 5.3.05.2 allows local attackers to write arbitrary files to the sandbox of ThemeStore.
The patch adds proper caller verification logic to prevent improper access.
Acknowledgement: Dawuge


Other Software Updates

SVE-2023-2191(CVE-2024-20854): Improper handling of insufficient privileges vulnerability in Samsung Camera

Severity: Moderate
Resolved version: 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14
Reported on: November 30, 2023
Description: Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data.
The patch adds proper permission to prevent unauthorized access.
Acknowledgement: Dawuge


Android Applications Updates

SVE-2023-0472(CVE-2024-20829): Missing proper interaction for opening deeplink in Samsung Internet

Severity: High
Resolved version: v24.0.0.0
Reported on: March 23, 2023
Description: Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.
The patch adds proper user interaction.
Acknowledgement: Sazzad Mahmud Tomal


SVE-2023-0978(CVE-2024-20837): Improper handling of granting permission in Samsung Internet

Severity: Moderate
Resolved version: v24.0.0.41
Reported on: June 5, 2023
Description: Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
The patch adds proper logic to prevent user interaction bypass.
Acknowledgement: Zak Brighton Knight


SVE-2023-2070(CVE-2024-20838): Improper validation vulnerability in Samsung Internet

Severity: High
Resolved version: 24.0.3.2
Reported on: November 15, 2023
Description: Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
The patch adds proper validation to prevent unauthorized access.
Acknowledgement: blunt


SVE-2023-2249(CVE-2024-20839): Improper access control in Samsung Voice Recorder

Severity: Moderate
Resolved version: 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14
Reported on: December 9, 2023
Description: Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.
The patch adds proper access control in Samsung Voice Recorder.
Acknowledgement: Elias Schröder


SVE-2023-2250(CVE-2024-20840): Improper Access Control in Samsung Voice Recorder

Severity: Moderate
Resolved version: 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14
Reported on: December 9, 2023
Description: Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using a hardware keyboard to use VoiceRecorder on the lock screen.
The patch adds proper access control in Samsung Voice Recorder.
Acknowledgement: Elias Schröder


SVE-2023-2339(CVE-2024-20841): Improper Handling of Insufficient Privileges in Samsung Account

Severity: Moderate
Resolved version: 14.8.00.3
Reported on: December 20, 2023
Description: Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
The patch adds proper permission to prevent unauthorized access.
Acknowledgement: Dawuge


Android Applications Updates

SVE-2023-0774(CVE-2024-20825, CVE-2024-20824, CVE-2024-20823, CVE-2024-20822): Implicit intent hijacking vulnerability in Galaxy Store

Severity: Moderate
Resolved version: 4.5.63.6
Reported on: May 4, 2023
Description: Implicit intent hijacking vulnerability in Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
The patch changes implicit intent to explicit intent.
Acknowledgement: Oversecured (oversecured.com)


SVE-2023-1112(CVE-2024-20826): Implicit intent hijacking vulnerability in UPHelper library

Severity: Moderate
Resolved version: 4.0.0
Reported on: June 20, 2023
Description: Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.
The patch changes implicit intent to explicit intent.
Acknowledgement: Oversecured (oversecured.com)


SVE-2023-1781(CVE-2024-20827): Improper access control vulnerability in Samsung Gallery

Severity: Moderate
Resolved version: 14.5.04.4
Reported on: October 10, 2023
Description: Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using a physical keyboard on the lock screen.
The patch prevents menu access by physical keyboard on a locked device.
Acknowledgement: Elias Schröder


SVE-2023-2275(CVE-2024-20828): Improper authorization verification vulnerability in Samsung Internet

Severity: Moderate
Resolved version: 24.0
Reported on: December 12, 2023
Description: Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
The patch adds proper authorization verification logic to prevent unauthorized access.
Acknowledgement: KRISHAN KUMAR


Android Applications Updates

SVE-2023-0956(CVE-2024-20807): Implicit intent hijacking vulnerability in Samsung Email

Severity: Moderate
Resolved version: 6.1.90.16
Reported on: June 2, 2023
Description: Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows an attacker to get sensitive information.
The patch changes the implicit intent to an explicit intent.
Acknowledgement: Oversecured (oversecured.com)


SVE-2023-1990(CVE-2024-20808): Improper access control vulnerability in Nearby device scanning

Severity: Moderate
Resolved version: 11.1.14.7
Reported on: October 31, 2023
Description: Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data.
The patch adds proper access control.
Acknowledgement: Dawuge


SVE-2023-1991(CVE-2024-20809): Improper access control vulnerability in Nearby device scanning

Severity: Moderate
Resolved version: 11.1.14.7
Reported on: October 31, 2023
Description: Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data.
The patch adds proper access control.
Acknowledgement: Dawuge