CVE-2018-10500 is a vulnerability in Samsung Galaxy Apps
Published on September 24, 2018
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2018-10500 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2018-10500
Want to know whenever a new CVE is published for Samsung Galaxy Apps? stack.watch will email you.
Affected Versions
Samsung Galaxy Apps Version Fixed in version 6.4.0.15 is affected by CVE-2018-10500Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.