Samsung Galaxy Apps
By the Year
In 2024 there have been 0 vulnerabilities in Samsung Galaxy Apps . Galaxy Apps did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.10 |
| 2018 | 3 | 7.27 |
It may take a day or so for new Galaxy Apps vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Galaxy Apps Security Vulnerabilities
Samsung Galaxy Apps before 4.4.01.7
CVE-2018-20135
8.1 - High
- June 07, 2019
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
Improper Certificate Validation
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15
CVE-2018-10499
7 - High
- September 24, 2018
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue lies in the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to install applications under the context of the current user. Was ZDI-CAN-5330.
Improper Input Validation
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15
CVE-2018-10500
7 - High
- September 24, 2018
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331.
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2
CVE-2018-10502
7.8 - High
- September 24, 2018
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Galaxy Apps or by Samsung? Click the Watch button to subscribe.
