CVE-2019-6742

Name of the Vulnerable Software and Affected Versions Samsung Galaxy S9 versions prior to 1.4.20.2

Description This issue allows remote attackers to execute arbitrary code on vulnerable installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of the GameServiceReceiver update mechanism, allowing an attacker to execute code in the context of the current process.

Recommendations For Samsung Galaxy S9 versions prior to 1.4.20.2, update to version 1.4.20.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the GameServiceReceiver update mechanism until a patch is available.