CVE-2019-6741

Name of the Vulnerable Software and Affected Versions Samsung Galaxy S9 versions prior to January 2019 Security Update

Description This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must connect to a wireless network. The flaw exists within the captive portal, specifically by manipulating HTML to force a page redirection. This can be leveraged to execute code in the context of the current process.

Recommendations For Samsung Galaxy S9 versions prior to January 2019 Security Update, apply the January 2019 Security Update (SMR-JAN-2019) to resolve the issue. As a temporary workaround, consider avoiding connections to untrusted wireless networks to minimize the risk of exploitation.