Samsung Galaxy S9 Remote Code Execution Vulnerability

Summary

Samsung Galaxy S9 is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by Georgi Geshev.

The original article can be found at: https://www.us-cert.gov/ncas/bulletins/SB19-161


Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. 

Vulnerable Systems:

  • Samsung Galaxy S9 prior to 1.4.20.2

CVE Information:

CVE-2019-6742

Disclosure Timeline:

Publish Date: 06/03/2019