When an attacker sends a malicious formatted file to Samsung Email via email, it could cause the application to execute malicious code and grant attackers access to specific system files. The attacker can send a malicious formatted file to Samsung Email by using the following ways: By using “import” function to import malicious file into mail. By sending a malicious formatted email to a valid email address of a Samsung Email user. By using “Forward” function to forward a malicious email to a valid email address of a Samsung Email user. By sending a malicious formatted email to a valid email address of a Samsung Email user. By using “Forward” function to forward a malicious email to a valid email address of a Samsung Email user. By sending a malicious formatted email to a valid email address of a Samsung Email user. By using “Import” function to import malicious file into mail. By sending a malicious formatted email to a valid email address of a Samsung Email user. By using “Forward” function to forward a malicious email to a valid email address of a Samsung Email user. By sending a malicious formatted email to a valid email address of a Samsung Email user. By using “Import” function to import malicious file into mail. By sending a malicious formatted email to a valid email address of a Samsung Email user. By using “Forward” function to forward a malicious email to a valid email address of a Samsung Email user
Affected Devices
Most major devices are affected by this vulnerability.
How to check if you are vulnerable?
1. Open Samsung Email
2. Check if the email is not in the Junk folder
3. Check if the mail has a file attached
4. If all of these are true, then you are vulnerable to CVE-2022-36864, and should immediately update your device to prevent this vulnerability from occurring again
Timeline
Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/21/2022 20:34:00 UTC