Dark Reading: Threat Intel and Cybersecurity News
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2021-04-09

Using an unsafe PendingIntent in Customization Service prior to version in Android O(8.x), in Android P(9.0), in Android Q(10.0) and in Android R(11.0) allows local attackers to perform unauthorized actions without permission by hijacking the PendingIntent.

PUBLISHED: 2021-04-09

An improper authorization vulnerability in the Samsung Members “samsungrewards” scheme for deeplinks in versions in Android O(8.1) and below, and in Android P(9.0) and above allows remote attackers to access user data related to the Samsung Account.

PUBLISHED: 2021-04-09

Using a predictable index for attachments in Samsung Email prior to version allows remote attackers to get attachments of other emails when users open the malicious attachment.

PUBLISHED: 2021-04-09

Improper synchronization logic in Samsung Email prior to version can leak messages in certain mailboxes in plain text when STARTTLS negotiation fails.

PUBLISHED: 2021-04-09

Intent redirection in Samsung Experience Service versions in Android P(9.0) below, and in Android Q(10.0) above allows an attacker to execute a privileged action.