Platform: android
Component: samsung-email
Fixed version: SMR Feb-2021 Release 1
CVE-2021-25347 describes a hijacking vulnerability discovered in the Samsung Email application. This flaw allows attackers to intercept the execution of providers, potentially enabling unauthorized access and control. The vulnerability affects versions of Samsung Email prior to SMR Feb-2021 Release 1. A security patch has been released in SMR Feb-2021 Release 1.
The hijacking vulnerability in Samsung Email allows an attacker to intercept the execution of providers. This means that if a user interacts with a provider within the email application (e.g., opening a specific attachment or link), the attacker could potentially inject malicious code or redirect the execution flow. The impact could range from data theft (accessing sensitive information within emails) to more severe consequences like remote code execution, depending on the provider's functionality and the attacker's capabilities. While the specific attack vectors are not detailed in the CVE description, the potential for provider hijacking presents a significant security risk.
CVE-2021-25347 was publicly disclosed on March 4, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of exploitability and potential impact.
Users of Samsung Android devices running versions of the Samsung Email application prior to SMR Feb-2021 Release 1 are at risk. This includes individuals who have not updated their email application and those who rely on the application for sensitive communications. Shared devices or enterprise deployments using older versions of the application are particularly vulnerable.
• android / app: Monitor Samsung Email app logs for unusual provider execution patterns. Use Android Debug Bridge (ADB) to inspect app permissions and identify any suspicious modifications.
• android / app: Check for unauthorized modifications to the Samsung Email application package using tools like APK Analyzer.
• android / system: Review system logs for any unexpected network connections originating from the Samsung Email application. Use adb logcat to filter for relevant events.
• android / system: Utilize Android's security features, such as SELinux, to enforce stricter access controls and limit the application's capabilities.
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2021-25347 is to immediately upgrade the Samsung Email application to SMR Feb-2021 Release 1 or later. This update contains the necessary fixes to prevent the provider hijacking vulnerability. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider restricting user access to potentially malicious providers or implementing stricter email filtering policies. Monitor email traffic for unusual provider execution patterns. After upgrading, confirm the fix by attempting to trigger a provider execution and verifying that it behaves as expected without any signs of interception or malicious activity.
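To find devices that have not yet received the fixed release, the following added example (not from Samsung or the original page) classifies devices by their reported Android security patch level. It assumes that SMR Feb-2021 Release 1 is reported as patch level 2021-02-01; the function names and sample serials are made up for illustration.

```shell
#!/bin/sh
# Added example: flag devices whose Android security patch level predates the fix.
# Assumption: SMR Feb-2021 Release 1 is reported as patch level 2021-02-01.
FIXED_LEVEL="2021-02-01"

# Exit 0 if $1 (YYYY-MM-DD) is at or after FIXED_LEVEL, 1 if older,
# 2 if the value is missing or malformed.
is_patched() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    have=$(printf '%s' "$1" | tr -d '-')
    want=$(printf '%s' "$FIXED_LEVEL" | tr -d '-')
    [ "$have" -ge "$want" ]
}

# Read "serial patch_level" lines on stdin; print one verdict per device.
audit() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        rc=0
        is_patched "$level" || rc=$?
        case "$rc" in
            0) verdict=PATCHED ;;
            1) verdict=VULNERABLE ;;
            *) verdict=UNKNOWN ;;
        esac
        printf '%s %s %s\n' "$serial" "$verdict" "${level:-none}"
    done
}

# Build the inventory from attached devices (needs adb on PATH).
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from consuming the loop's input
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
                </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$level"
    done
}

# Constructed sample inventory (serials are made up).
SAMPLE_INVENTORY='EXAMPLE0001 2021-01-01
EXAMPLE0002 2021-02-01
EXAMPLE0003 2021-03-01
EXAMPLE0004'
```

Run `collect_from_adb | audit` against attached devices, or pipe in a device-management export in the same two-column form. Devices reported as UNKNOWN returned no usable patch level and need a manual check.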
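Update the Samsung Email application to SMR Feb-2021 Release 1 or later. This update fixes the hijacking vulnerability that allows attackers to intercept provider execution.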
CVE-2021-25347 is a medium severity vulnerability in Samsung Email affecting versions prior to SMR Feb-2021 Release 1, allowing attackers to intercept provider execution.
You are affected if you are using a Samsung Email version prior to SMR Feb-2021 Release 1. Check your app version and update if necessary.
Upgrade Samsung Email to SMR Feb-2021 Release 1 or later to resolve the hijacking vulnerability.
There is currently no indication of active exploitation campaigns targeting CVE-2021-25347.
Refer to the Samsung Security Bulletin for details: [https://security.samsungmobile.com/securityDB/securityBulletin.do?svrhdwYwdlr=CVE-2021-25347](https://security.samsungmobile.com/securityDB/securityBulletin.do?svrhdwYwdlr=CVE-2021-25347)