Blunt

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to 28.0.0.59 **Description** The issue is related to the improper handling of insufficient permission in the ClientProvider component of Samsung Internet. This allows local attackers to read and write arbitrary files on non-Samsung devices. **Recommendations** For versions prior to 28.0.0.59, update to version 28.0.0.59 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Smart Switch versions prior to 3.7.64.10 **Description** The issue is related to improper authorization, allowing local attackers to read data with the privilege of Smart Switch on non-Samsung devices. User interaction is required to trigger this issue. **Recommendations** For versions prior to 3.7.64.10, update to version 3.7.64.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Flow versions prior to 4.9.17.6 **Description** The issue is related to improper verification of intent by a broadcast receiver, allowing local attackers to modify the configuration. This could potentially lead to unauthorized changes in the Samsung Flow setup. **Recommendations** For versions prior to 4.9.17.6, update to version 4.9.17.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the broadcast receiver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.29.23 **Description** The issue concerns the use of implicit intent for sensitive communication in translation, allowing local attackers to obtain sensitive information. User interaction is required to trigger this issue. **Recommendations** For versions prior to 4.4.29.23, update to version 4.4.29.23 or later to resolve the issue. As a temporary workaround, consider restricting the use of the translation feature in Samsung Notes until the update is applied.

**Name of the Vulnerable Software and Affected Versions** PENUP versions prior to 3.9.19.32 **Description** The issue is related to improper access control, allowing local attackers to access files with PENUP privilege. **Recommendations** For versions prior to 3.9.19.32, update to version 3.9.19.32 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read in applying extra data of base content. This allows attackers to read out-of-bounds memory. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Voice Recorder versions prior to 21.5.16.01 in Android 12 and Android 13 Samsung Voice Recorder versions prior to 21.4.51.02 in Android 14 **Description** The issue is related to improper access control in the Samsung Voice Recorder, allowing physical attackers to access recording files on the lock screen. This could potentially expose sensitive information. **Recommendations** For Samsung Voice Recorder versions prior to 21.5.16.01 in Android 12 and Android 13, update to version 21.5.16.01 or later. For Samsung Voice Recorder versions prior to 21.4.51.02 in Android 14, update to version 21.4.51.02 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to 24.0.3.2 **Description** The issue is related to an improper validation vulnerability that allows local attackers to execute arbitrary code. This vulnerability can be exploited by local attackers. **Recommendations** For Samsung Internet versions prior to 24.0.3.2, update to version 24.0.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or data within the browser until the update is applied.