Samsung · Knox SDS IAM/EMM · CVE-2017-10963
**Name of the Vulnerable Software and Affected Versions**
Knox SDS IAM and EMM version 16.11
**Description**
A man-in-the-middle attacker can install any application into the Knox container without the user's knowledge by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.
**Recommendations**
For Knox SDS IAM and EMM version 16.11, consider restricting access to the update sequence to minimize the risk of exploitation. As a temporary workaround, restrict network traffic from Samsung servers to prevent content injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.