CVE ID | |
CVSS SCORE | 6.1, AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
AFFECTED VENDORS |
Samsung |
AFFECTED PRODUCTS |
Galaxy S21 |
VULNERABILITY DETAILS |
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Web Bridge WebView. The WebView exposes a JavaScript interface that allows the attacker to launch arbitrary apps. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. |
ADDITIONAL DETAILS |
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120-day deadline. 12/30/21 – ZDI reported the vulnerability to the vendor -- Mitigation: |
DISCLOSURE TIMELINE |
|
CREDIT | Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) |
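
The flaw class described under VULNERABILITY DETAILS, a WebView JavaScript interface that can launch arbitrary apps, is usually closed by scoping the bridge to trusted origins and a fixed set of launch targets. The sketch below is an added example, not Samsung's code and not part of the advisory; the class name `AppLaunchBridge`, the object name `appBridge`, the origin and the package names are hypothetical, and it assumes the `androidx.webkit` library is available.

```java
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.webkit.WebView;
import androidx.webkit.JavaScriptReplyProxy;
import androidx.webkit.WebMessageCompat;
import androidx.webkit.WebViewCompat;
import androidx.webkit.WebViewFeature;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical hardened bridge; every name and value here is constructed. */
public final class AppLaunchBridge {
    // The bridge object is injected only into pages served from these origins.
    private static final Set<String> ALLOWED_ORIGINS =
            Collections.singleton("https://bridge.example.com");
    // The only apps web content may ask to open.
    private static final Set<String> LAUNCHABLE = new HashSet<>(
            Arrays.asList("com.example.store", "com.example.help"));

    static boolean isLaunchable(String pkg) {
        return pkg != null && LAUNCHABLE.contains(pkg);
    }

    /** Returns false (no bridge installed) when origin scoping is unavailable. */
    public static boolean install(WebView webView) {
        if (!WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER)) {
            return false; // fail closed instead of using an unscoped addJavascriptInterface
        }
        WebViewCompat.addWebMessageListener(webView, "appBridge", ALLOWED_ORIGINS,
            (WebView view, WebMessageCompat message, Uri sourceOrigin,
             boolean isMainFrame, JavaScriptReplyProxy replyProxy) -> {
                String pkg = message.getData();
                if (!isMainFrame || !isLaunchable(pkg)) {
                    return; // drop sub-frame senders and anything off the allowlist
                }
                Context ctx = view.getContext();
                // Resolve only the target's own launcher activity: the page never
                // supplies an action, component, data URI or extras.
                // Null when the app is absent or not visible to this app.
                Intent intent = ctx.getPackageManager().getLaunchIntentForPackage(pkg);
                if (intent != null) {
                    ctx.startActivity(intent);
                }
            });
        return true;
    }
}
```

Unlike `addJavascriptInterface`, which exposes the object to every frame the WebView loads, the listener here is reachable only from the listed origins, and the page can pick a package name from the allowlist but cannot shape the intent.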