
Security Updates

We truly appreciate the following security researchers for helping us improve the security of our mobile applications, wearable devices and personal computers. We would like to thank them for disclosing the vulnerability reports responsibly and working with us throughout the process.

Please note that while we are doing our best to release the security patches as soon as possible to all applicable devices and services, the release time of security patches may vary depending on the device version and model or the service version.


Android Applications Updates


SVE-2021-22590 (CVE-2022-22283): Account is not logged out in Samsung Health Android App after Remove from inactive device

Severity: Low
Resolved Version: 6.20.1.005
Reported on: July 10, 2021
Description: Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.
Acknowledgement: Rohit Kumar


SVE-2021-23292 (CVE-2022-22284): Authentication bypass in Samsung browser secret mode

Severity: Low
Resolved Version: 16.0.2.19
Reported on: October 19, 2021
Description: Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication.
Acknowledgement: Harsh Tyagi


SVE-2021-23607 (CVE-2022-22285): Hijack the PendingIntent containing Implicit Intent in the Reminder app to read Contacts

Severity: Moderate
Resolved Version: 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0)
Reported on: October 17, 2021
Description: A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute a privileged action by hijacking and modifying the intent.
Acknowledgement: h0ard7


SVE-2021-23608 (CVE-2022-22286): Hijack the PendingIntent containing Implicit Intent in the Bixby Routines app to read Contacts

Severity: Moderate
Resolved Version: 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0)
Reported on: October 17, 2021
Description: A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute a privileged action by hijacking and modifying the intent.
Acknowledgement: h0ard7


SVE-2021-23749 (CVE-2022-22287): Arbitrary file access vulnerability in Samsung Email

Severity: Moderate
Resolved Version: 6.1.60.16
Reported on: October 29, 2021
Description: Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows an attacker to read isolated data in sandbox.
Acknowledgement: Dzmitry Lukyanenka


SVE-2021-23791 (CVE-2022-22288): Remote app installation vulnerability in Galaxy Store

Severity: Critical
Resolved Version: 4.5.36.5
Reported on: November 3, 2021
Description: Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
Acknowledgement: Ken Gannon


SVE-2021-23888 (CVE-2022-22289): Sensitive information disclosure in S Assistant

Severity: Moderate
Resolved Version: 7.5
Reported on: November 9, 2021
Description: Improper access control vulnerability in S Assistant prior to version 7.5 allows an attacker to remotely get sensitive information.
Acknowledgement: hongquan Li @ ADLab of VenusTech


SVE-2021-23944 (CVE-2022-22290): Incorrect UI in Downloads in Samsung Browser

Severity: Moderate
Resolved Version: 16.0.6.23
Reported on: November 15, 2021
Description: Incorrect UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
Acknowledgement: Kirtikumar Anandrao Ramchandani