Advisory Details

March 5th, 2019

(Pwn2Own) Samsung Galaxy S9 GameServiceReceiver Unsafe Updates Validation Remote Code Execution Vulnerability

ZDI-19-255
ZDI-CAN-7477

CVE ID CVE-2019-6742
CVSS SCORE 10.0, (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
AFFECTED VENDORS Samsung
AFFECTED PRODUCTS Galaxy S9
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process.

ADDITIONAL DETAILS

Fixed in version 1.4.20.2 or above


DISCLOSURE TIMELINE
  • 2018-11-15 - Vulnerability reported to vendor
  • 2019-03-05 - Coordinated public release of advisory
  • 2019-06-14 - Advisory Updated
CREDIT MWR Labs - Georgi Geshev and Robert Miller
BACK TO ADVISORIES