CVE-2022-39873 In Samsung Internet prior to version 18.0.4.14, an improper authorization vulnerability allows attackers to add bookmarks in secret mode.

This issue occurs because Samsung Internet does not prompt the user to confirm a change to secret mode bookmarks when enabling or disabling them. In addition, it does not check whether secret mode bookmarks were added by the same user. As a result, a physically present attacker may add bookmarks in secret mode. This can lead to social engineering attacks and the hijacking of private data through secret mode bookmarks. Secret mode is intended for sensitive or confidential information, so users should confirm changes to secret mode bookmarks to prevent possible data leakage.

Vendor response: Prior to release 18.0.4.14, Samsung was aware of this issue and was working on a fix. It released an update with the fix in version 18.0.4.14. Reportedly, this issue has been fixed in version 18.1.

Fixed in version 18.1. CVE discovered by Eric Volz of Tinfoil Security.

Summary

Vulnerability outline

This vulnerability is in Samsung Internet's implementation of secret mode bookmarks. Secret mode is intended for sensitive personal information such as passwords and banking details. A physically present attacker can use this issue to mount social engineering attacks and hijack private data through secret mode bookmarks.
The point of secret mode is that no one else should be able to see what you are doing online, but once it is enabled, anyone with access to your device could also view that activity. The problem is that Samsung Internet does not prompt the user when secret mode bookmarks are enabled or disabled, so the user will not know that someone else has changed them without consent until it is too late.

Products Affected

Samsung Internet for Android
The vulnerability affects the following Samsung products:
· Galaxy S6 Active with model number SM-G891A
· Galaxy Tab S3 with model number SM-T813

Introduction

The Samsung Internet browser contains an issue that can be exploited by a remote attacker to compromise users' privacy. The vulnerability is caused by not prompting the user to confirm that bookmarks were added by the same user, allowing a physically present attacker to add bookmarks in secret mode. This could lead to social engineering attacks and the hijacking of private data through secret mode bookmarks. Secret mode is intended for sensitive or confidential information, so users must confirm changes to secret mode bookmarks to prevent possible leakage of information.

Vulnerability overview: Samsung Internet does not prompt the user to confirm a change to secret mode bookmarks

CVE-2022-39873 is a vulnerability in Samsung Internet. This issue occurs because Samsung Internet does not prompt the user to confirm a change to secret mode bookmarks when enabling or disabling them. In addition, it does not check whether secret mode bookmarks were added by the same user. As a result, a physically present attacker may add bookmarks in secret mode. This can lead to social engineering attacks and the hijacking of private data through secret mode bookmarks. Secret mode is intended for sensitive or confidential information, so users should confirm changes to secret mode bookmarks to prevent possible data leakage.

Timeline

Published on: 10/07/2022 15:15:00 UTC
Last modified on: 10/09/2022 02:11:00 UTC
