Plataforma
android
Componente
samsung-email
Corregido en
SMR Feb-2021 Release 1
CVE-2021-25347 describes a hijacking vulnerability discovered in the Samsung Email application. This flaw allows attackers to intercept the execution of providers, potentially enabling unauthorized access and control. The vulnerability affects versions of Samsung Email prior to SMR Feb-2021 Release 1. A security patch has been released in SMR Feb-2021 Release 1.
The hijacking vulnerability in Samsung Email allows an attacker to intercept the execution of providers. This means that if a user interacts with a provider within the email application (e.g., opening a specific attachment or link), the attacker could potentially inject malicious code or redirect the execution flow. The impact could range from data theft (accessing sensitive information within emails) to more severe consequences like remote code execution, depending on the provider's functionality and the attacker's capabilities. While the specific attack vectors are not detailed in the CVE description, the potential for provider hijacking presents a significant security risk.
CVE-2021-25347 was publicly disclosed on March 4, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of exploitability and potential impact.
Users of Samsung Android devices running versions of the Samsung Email application prior to SMR Feb-2021 Release 1 are at risk. This includes individuals who have not updated their email application and those who rely on the application for sensitive communications. Shared devices or enterprise deployments using older versions of the application are particularly vulnerable.
• android / app: Monitor Samsung Email app logs for unusual provider execution patterns. Use Android Debug Bridge (ADB) to inspect app permissions and identify any suspicious modifications.
• android / app: Check for unauthorized modifications to the Samsung Email application package using tools like APK Analyzer.
• android / system: Review system logs for any unexpected network connections originating from the Samsung Email application. Use adb logcat to filter for relevant events.
• android / system: Utilize Android's security features, such as SELinux, to enforce stricter access controls and limit the application's capabilities.
disclosure
Estado del Exploit
EPSS
0.01% (3% percentil)
Vector CVSS
The primary mitigation for CVE-2021-25347 is to immediately upgrade the Samsung Email application to SMR Feb-2021 Release 1 or later. This update contains the necessary fixes to prevent the provider hijacking vulnerability. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider restricting user access to potentially malicious providers or implementing stricter email filtering policies. Monitor email traffic for unusual provider execution patterns. After upgrading, confirm the fix by attempting to trigger a provider execution and verifying that it behaves as expected without any signs of interception or malicious activity.
Actualice la aplicación Samsung Email a la versión SMR Feb-2021 Release 1 o posterior. Esta actualización corrige la vulnerabilidad de secuestro que permite a los atacantes interceptar la ejecución del proveedor.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2021-25347 is a medium severity vulnerability in Samsung Email affecting versions prior to SMR Feb-2021 Release 1, allowing attackers to intercept provider execution.
You are affected if you are using Samsung Email version prior to SMR Feb-2021 Release 1. Check your app version and update if necessary.
Upgrade Samsung Email to SMR Feb-2021 Release 1 or later to resolve the hijacking vulnerability.
There is currently no indication of active exploitation campaigns targeting CVE-2021-25347.
Refer to the Samsung Security Bulletin for details: [https://security.samsungmobile.com/securityDB/securityBulletin.do?svrhdwYwdlr=CVE-2021-25347](https://security.samsungmobile.com/securityDB/securityBulletin.do?svrhdwYwdlr=CVE-2021-25347)
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.
Sube tu archivo build.gradle y te decimos al instante si estás afectado.