Plateforme
android
Composant
samsung-email
Corrigé dans
SMR Feb-2021 Release 1
CVE-2021-25347 describes a hijacking vulnerability discovered in the Samsung Email application. This flaw allows attackers to intercept the execution of providers, potentially enabling unauthorized access and control. The vulnerability affects versions of Samsung Email prior to SMR Feb-2021 Release 1. A security patch has been released in SMR Feb-2021 Release 1.
The hijacking vulnerability in Samsung Email allows an attacker to intercept the execution of providers. This means that if a user interacts with a provider within the email application (e.g., opening a specific attachment or link), the attacker could potentially inject malicious code or redirect the execution flow. The impact could range from data theft (accessing sensitive information within emails) to more severe consequences like remote code execution, depending on the provider's functionality and the attacker's capabilities. While the specific attack vectors are not detailed in the CVE description, the potential for provider hijacking presents a significant security risk.
CVE-2021-25347 was publicly disclosed on March 4, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of exploitability and potential impact.
Users of Samsung Android devices running versions of the Samsung Email application prior to SMR Feb-2021 Release 1 are at risk. This includes individuals who have not updated their email application and those who rely on the application for sensitive communications. Shared devices or enterprise deployments using older versions of the application are particularly vulnerable.
• android / app: Monitor Samsung Email app logs for unusual provider execution patterns. Use Android Debug Bridge (ADB) to inspect app permissions and identify any suspicious modifications.
• android / app: Check for unauthorized modifications to the Samsung Email application package using tools like APK Analyzer.
• android / system: Review system logs for any unexpected network connections originating from the Samsung Email application. Use adb logcat to filter for relevant events.
• android / system: Utilize Android's security features, such as SELinux, to enforce stricter access controls and limit the application's capabilities.
disclosure
Statut de l'Exploit
EPSS
0.01% (percentile 3%)
Vecteur CVSS
The primary mitigation for CVE-2021-25347 is to immediately upgrade the Samsung Email application to SMR Feb-2021 Release 1 or later. This update contains the necessary fixes to prevent the provider hijacking vulnerability. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider restricting user access to potentially malicious providers or implementing stricter email filtering policies. Monitor email traffic for unusual provider execution patterns. After upgrading, confirm the fix by attempting to trigger a provider execution and verifying that it behaves as expected without any signs of interception or malicious activity.
Mettez à jour l'application Samsung Email à la version SMR Février-2021 Release 1 ou ultérieure. Cette mise à jour corrige la vulnérabilité de détournement qui permet aux attaquants d'intercepter l'exécution du fournisseur.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2021-25347 is a medium severity vulnerability in Samsung Email affecting versions prior to SMR Feb-2021 Release 1, allowing attackers to intercept provider execution.
You are affected if you are using Samsung Email version prior to SMR Feb-2021 Release 1. Check your app version and update if necessary.
Upgrade Samsung Email to SMR Feb-2021 Release 1 or later to resolve the hijacking vulnerability.
There is currently no indication of active exploitation campaigns targeting CVE-2021-25347.
Refer to the Samsung Security Bulletin for details: [https://security.samsungmobile.com/securityDB/securityBulletin.do?svrhdwYwdlr=CVE-2021-25347](https://security.samsungmobile.com/securityDB/securityBulletin.do?svrhdwYwdlr=CVE-2021-25347)
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier build.gradle et nous te dirons instantanément si tu es affecté.