It is recommended to update to latest version as quickly as possible. This issue was resolved in version 2.6.5.22257. It is also recommended to update to latest version as quickly as possible. This issue was resolved in version 2.8.0.22851. There is a risk of data loss if integrity check is improperly validated in any mobile operating system. Effective prevention of data loss requires awareness and quick response to active threats. Vulnerabilities of integrity check can be exploited by malicious software to corrupt or steal data. Integrity check vulnerability in Samsung Kies in version prior to 2.6.4.22074 allows remote attackers to delete arbitrary files and directories using directory junction. It is recommended to update to latest version as quickly as possible. This issue was resolved in version 2.6.5.22257. It is also recommended to update to latest version as quickly as possible. This issue was resolved in version 2.8.0.22851. There is a risk of data loss if integrity check is improperly validated in any mobile operating system. Effective prevention of data loss requires awareness and quick response to active threats. Vulnerabilities of integrity check can be exploited by malicious software to corrupt or steal data. Integrity check vulnerability in Samsung Kies in version prior to 2.6.4.22074 allows remote attackers to delete arbitrary files and directories using directory junction. It is recommended to update to latest version as quickly as possible
How to Update?
There are two ways to update your Samsung Kies software. You can open the following links on your computer, and follow the instructions in each to get the latest version of Samsung Kies:
1) Samsung Kies Software Update (MacOS)
2) Microsoft Windows Update
3) Google Play Store
4) Apple Store (App Store)
Update to latest version as quickly as possible
If you're a Samsung Kies user, it is recommended to update to the latest version as quickly as possible. This issue was resolved in version 2.6.5.22257 and 2.8.0.22851. There is a risk of data loss if integrity check is improperly validated in any mobile operating system. Effective prevention of data loss requires awareness and quick response to active threats. Vulnerabilities of integrity check can be exploited by malicious software to corrupt or steal data. Integrity check vulnerability in Samsung Kies in version prior to 2.6.4.22074 allows remote attackers to delete arbitrary files and directories using directory junction
Summary
There are three critical vulnerabilities disclosed in Samsung Kies, an application that provides connectivity options for Android devices. These vulnerabilities were described in CVE-2022-39845, CVE-2022-39846, and CVE-2022-39847, respectively. The first vulnerability allows malicious software to bypass the integrity check on Samsung Kies version 2.6.4 and higher for Android devices running firmware version 2.6 or higher. The second vulnerability allows malicious software to delete arbitrary files and directories using directory junction on Samsung Kies version 2.6 and higher for Android devices running firmware version 2.6 or higher. And the third vulnerability allows remote attackers to bypass the integrity check on Samsung Kies version 2.8 and higher for Android devices running firmware versions 1.5 or greater which would allow data corruption or steal data without detection by the user or mitigation by the vendor when updating firmware on them.
Samsung Kies is a widely used application that provides connectivity options for smartphones with Android operating system that manufacturers like Google provide as default with their products when they sell them to customers in many countries across the world including America and Europe. There are three critical vulnerabilities disclosed in Samsung Kies, an application that provides connectivity options for smartphones with Android operating system that manufacturers like Google provide as default with their products when they sell them to customers in many countries across the world including America and Europe. These vulnerabilities were described in CVE-2022-39845, CVE-2022-39846,
Timeline
Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/21/2022 20:21:00 UTC