Harsh Tyagi

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.30.63 **Description** Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for exploitation. **Recommendations** Update Samsung Notes to version 4.4.30.63 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 4.4.04.7 **Description** The issue is related to improper authentication in the Private Info feature of Samsung Pass, allowing physical attackers to access sensitive information in a specific scenario. **Recommendations** For versions prior to 4.4.04.7, update to version 4.4.04.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.21.62 **Description** The issue is a heap-based out-of-bounds write that allows local attackers to execute arbitrary code. This can be exploited by attackers to gain unauthorized access and control over the affected system. **Recommendations** For versions prior to 4.4.21.62, update to version 4.4.21.62 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or functions within Samsung Notes until the update is applied.

Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.3 iOS versions prior to 17.3 Description: The issue is related to a lack of protection for sensitive data in the Notes component of iPadOS and iOS. It may allow a remote attacker to disclose protected information. The problem was addressed through improved state management. Locked Notes content may have been unexpectedly unlocked. Recommendations: For iPadOS versions prior to 17.3, update to iPadOS 17.3 to resolve the issue. For iOS versions prior to 17.3, update to iOS 17.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17.4 iPadOS versions prior to 17.4 **Description** The issue allows a deleted photo to be re-surfaced without authentication through the shake-to-undo feature. This is due to inadequate checks that have been improved in the fixed versions. **Recommendations** For iOS versions prior to 17.4, update to iOS 17.4 to resolve the issue. For iPadOS versions prior to 17.4, update to iPadOS 17.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.4 iOS versions prior to 17.4 iPadOS versions prior to 17.4 **Description** An authentication issue was addressed with improved state management, allowing photos in the Hidden Photos Album to be viewed without authentication. **Recommendations** For macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 to resolve the issue. For iOS versions prior to 17.4, update to iOS 17.4 to resolve the issue. For iPadOS versions prior to 17.4, update to iPadOS 17.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 4.3.00.17 **Description** The issue allows physical attackers to bypass authentication due to an invalid exception handler. This is related to an improper authentication mechanism. **Recommendations** For versions prior to 4.3.00.17, update to version 4.3.00.17 or later to resolve the issue. As a temporary workaround, consider restricting physical access to devices using Samsung Pass until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to 22.0.0.35 **Description** The issue allows a physical attacker to access downloaded files in Secret Mode without user authentication due to an improper authorization vulnerability. **Recommendations** For versions prior to 22.0.0.35, update to version 22.0.0.35 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 4.2.03.1 **Description** The issue is related to improper access control, allowing physical attackers to access Samsung Pass data. **Recommendations** For versions prior to 4.2.03.1, update to version 4.2.03.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 4.0.06.7 **Description** The issue is related to improper access control in Samsung Pass, allowing physical attackers to access data on an unlocked device in a specific state using a pop-up view. **Recommendations** For versions prior to 4.0.06.7, update to version 4.0.06.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 4.0.06.1 **Description** The issue is related to an improper check or handling of exceptional conditions in Samsung Pass, allowing an attacker to access Samsung Pass. **Recommendations** For versions prior to 4.0.06.1, update to version 4.0.06.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung pass versions prior to 4.0.03.1 **Description** The issue is related to improper access control in Samsung pass, allowing physical attackers to access data on a certain state of an unlocked device. **Recommendations** For versions prior to 4.0.03.1, update to version 4.0.03.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 1.0.00.33 **Description** The issue is related to improper authorization, allowing physical attackers to access the account list without authentication. This could potentially expose sensitive information. **Recommendations** For versions prior to 1.0.00.33, update to version 1.0.00.33 or later to resolve the issue. As a temporary workaround, consider restricting physical access to devices with Samsung Pass installed until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** S Secure versions prior to SMR Apr-2022 Release 1 **Description** The issue allows physical attackers to use the locked Myfiles app without authentication due to an improper authentication vulnerability. **Recommendations** For versions prior to SMR Apr-2022 Release 1, update to SMR Apr-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Pass versions prior to 3.7.07.5 **Description** The issue is related to improper exception handling, allowing a physical attacker to view the previously running screen without authentication. **Recommendations** For versions prior to 3.7.07.5, update to version 3.7.07.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to 16.2.1 **Description** The issue is related to an improper authentication vulnerability in the SecretMode of Samsung Internet. This vulnerability allows attackers to access the bookmark tab without proper credentials. **Recommendations** For versions prior to 16.2.1, update to version 16.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SecretMode feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft OneDrive for Android (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in the file hosting service of OneDrive for Android, associated with improper authorization. Exploitation of this issue may allow an attacker to access protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: S Secure versions prior to SMR MAY-2021 Release 1 Description: The issue is related to an improper running task check in S Secure, which allows attackers to use a locked app without authentication. Recommendations: For versions prior to SMR MAY-2021 Release 1, update to SMR MAY-2021 Release 1 or later to resolve the issue.