The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before 3.0.02.7 and 3.0.00.101 are affected.
0d093179d423c619721dc672bd7bc6eaeeb19d3efbc97e21f23bfea24d9f9d7a[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component
Software:
--------
Samsung Text-to-speech Engine System Component on Android
Description:
----------
The Text-to-speech Engine (aka SamsungTTS) before 3.0.02.7/3.0.00.101 for Android allows a local attacker to escalate privilege, e.g., to system privilege. This issue is reported to & confirmed and patched by Samsung Mobile Security Rewards Program under case ID 101755.
Patched version:
------------
- Android N,O or older : 3.0.00.101
- Android P : 3.0.02.7
Impact:
-------
A successful local attack can obtain system privilege on vulnerable phones.
Solution:
---------
Update the TTS component via Galaxy AppStore to newest version or versions later than patched versions listed above.
Credit:
-------
Discovered by Qidan He (a.k.a Edward Flanker, @flanker_hqd). Detailed about this vulnerability will be released shortly after confirmation from Samsung Mobile for responsible disclosure.
------------------
Sincerely
Qidan (a.k.a Flanker)
Website: https://blog.flanker017.me
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed