H0Rd7

**Name of the Vulnerable Software and Affected Versions** Wearable Manager Installer versions prior to SMR Mar-2022 Release 1 **Description** The issue allows local attackers to perform unauthorized actions without permission by hijacking the `PendingIntent`. This can lead to exploitation where attackers gain access to perform actions that are not authorized. **Recommendations** For versions prior to SMR Mar-2022 Release 1, update to SMR Mar-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wearable Manager Installer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Weather application versions prior to SMR Mar-2022 Release 1 **Description** The issue allows local attackers to perform unauthorized actions without permission by hijacking the PendingIntent. **Recommendations** For versions prior to SMR Mar-2022 Release 1, update to SMR Mar-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bixby Vision versions prior to 3.7.60.8 Bixby Vision versions prior to 3.7.50.6 **Description** A vulnerability using `PendingIntent` in Bixby Vision allows attackers to execute privileged actions by hijacking and modifying the intent. **Recommendations** For versions prior to 3.7.60.8, update to version 3.7.60.8 or later. For versions prior to 3.7.50.6, update to version 3.7.50.6 or later. As a temporary workaround, consider restricting the use of `PendingIntent` in Bixby Vision until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DeX Home and DeX for PC versions prior to SMR Feb-2022 Release 1 **Description** A vulnerability using `PendingIntent` allows attackers to access files with system privilege. **Recommendations** For DeX Home and DeX for PC versions prior to SMR Feb-2022 Release 1, update to SMR Feb-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and system privileges until the update is applied.

**Name of the Vulnerable Software and Affected Versions** DataUsageReminderReceiver versions prior to SMR Feb-2022 Release 1 **Description** The issue allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. This is due to a PendingIntent hijacking vulnerability in DataUsageReminderReceiver. **Recommendations** For versions prior to SMR Feb-2022 Release 1, consider restricting access to the `DataUsageReminderReceiver` to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using implicit Intents with `KnoxPrivacyNoticeReceiver` to prevent unauthorized media file access.

**Name of the Vulnerable Software and Affected Versions** CpaReceiver versions prior to SMR Feb-2022 Release 1 **Description** The issue allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. This is due to a PendingIntent hijacking vulnerability in CpaReceiver. **Recommendations** For versions prior to SMR Feb-2022 Release 1, consider restricting access to the KnoxPrivacyNoticeReceiver to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using implicit Intents in the CpaReceiver until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** KnoxPrivacyNoticeReceiver versions prior to SMR Feb-2022 Release 1 **Description** The issue allows local attackers to access media files without permission via implicit Intent. This is due to a PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver. **Recommendations** For versions prior to SMR Feb-2022 Release 1, update to the SMR Feb-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to media files to minimize the risk of exploitation.