CVE-2018-11614

Name of the Vulnerable Software and Affected Versions Samsung Members versions prior to 2.4.25

Description This issue allows remote attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of Intents, specifically in the ability to send an Intent that would not otherwise be reachable. This can be leveraged to escalate privileges to resources normally protected from the application.

Recommendations For versions prior to 2.4.25, update to version 2.4.25 to resolve the issue. As a temporary workaround, consider restricting the handling of Intents to minimize the risk of exploitation.