Plattform
android
Komponente
samsung-internet
Behoben in
25.0.0.41
CVE-2024-20869 describes an improper privilege management vulnerability discovered in Samsung Internet. This flaw allows a local attacker to bypass protection mechanisms related to cookies, potentially granting them unauthorized access to sensitive information. The vulnerability affects versions of Samsung Internet prior to 25.0.0.41, and a patch has been released to address the issue.
The core impact of CVE-2024-20869 lies in the ability of a local attacker to circumvent cookie protection within Samsung Internet. Cookies often store authentication tokens, session identifiers, and other sensitive data. By bypassing these protections, an attacker could potentially hijack user sessions, access personal data, or perform actions on behalf of the user without their knowledge or consent. The scope of the attack is limited to a local attacker with access to the device running Samsung Internet. While not a remote code execution vulnerability, the potential for data theft and session hijacking makes this a significant security concern, particularly given the widespread use of Samsung Internet on Android devices.
CVE-2024-20869 was publicly disclosed on May 7, 2024. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability's impact is limited to local access, which reduces the likelihood of widespread, automated exploitation. It is not currently listed on the CISA KEV catalog. The probability of exploitation is considered low to medium, pending the release of a public exploit.
Users of Samsung devices running vulnerable versions of Samsung Internet (≤24.0.0.40) are at risk. This includes individuals who haven't updated their browser recently, as well as organizations that manage fleets of Samsung devices and may need to proactively deploy the update. Shared devices or those with lax security practices are particularly vulnerable.
• android / app: Examine application permissions for unusual access to cookies or browser data. Use Android Debug Bridge (ADB) to inspect the Samsung Internet application's data directory for suspicious files or configurations.
adb shell pm list packages -f
adb shell ls -l /data/data/com.sec.android.app.sbrowser• android / app: Monitor system logs for unusual activity related to cookie access or modification. Use Android Studio's Logcat to filter for relevant events. • android / app: Check for unauthorized applications with elevated privileges that could exploit this vulnerability. Use ADB to list installed packages and their permissions.
adb shell pm list packages -gdisclosure
Exploit-Status
EPSS
0.02% (5% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-20869 is to upgrade Samsung Internet to version 25.0.0.41 or later. This version includes the necessary fixes to properly manage privileges and prevent cookie bypass. If immediate upgrading is not possible, consider implementing stricter application sandboxing policies on Android devices to limit the potential impact of a successful attack. While a direct workaround isn't available, regularly reviewing and updating app permissions can help reduce the attack surface. After upgrading, confirm the fix by attempting to access cookies from a different application or process; the protection mechanisms should now be enforced.
Actualice Samsung Internet a la versión 25.0.0.41 o posterior. Puede actualizar la aplicación a través de la tienda de aplicaciones de Samsung o Google Play Store. Esto solucionará la vulnerabilidad de gestión de privilegios.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-20869 is a medium-severity vulnerability in Samsung Internet that allows local attackers to bypass cookie protection, potentially leading to unauthorized access to sensitive data.
You are affected if you are using Samsung Internet version 24.0.0.40 or earlier. Upgrade to version 25.0.0.41 to mitigate the risk.
The fix is to upgrade Samsung Internet to version 25.0.0.41 or later. If immediate upgrade is not possible, consider stricter cookie policies.
There is currently no evidence of active exploitation, but a proof-of-concept may emerge in the future.
Refer to the official Samsung Security Advisories page for details: https://security.samsung.com/
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine build.gradle-Datei hoch und wir sagen dir sofort, ob du betroffen bist.