Stealth Assassin

**Name of the Vulnerable Software and Affected Versions** SAssistant versions prior to 8.7 **Description** The issue allows local attackers to access backup data in SAssistant due to an improper preservation of permissions. This enables unauthorized access to sensitive information. **Recommendations** For versions prior to 8.7, update to version 8.7 or later to resolve the issue. As a temporary workaround, consider restricting access to backup data in SAssistant until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Galaxy Store versions prior to 4.5.56.6 **Description** The issue is related to improper sanitization of incoming intent in Galaxy Store, allowing local attackers to access privileged content providers as Galaxy Store permission. **Recommendations** For Galaxy Store versions prior to 4.5.56.6, update to version 4.5.56.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Members versions prior to 14.0.07.1 **Description** The issue is related to improper URL validation, which allows attackers to access sensitive information. **Recommendations** For versions prior to 14.0.07.1, update to version 14.0.07.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SearchWidget versions prior to 3.3 **Description** The issue is related to improper access control in the SearchWidget, which allows untrusted applications to start arbitrary activities. This could potentially lead to unauthorized access or actions within the system. **Recommendations** For versions prior to 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SearchWidget to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Blockchain Keystore versions prior to 1.3.12.1 **Description** The issue is related to an Out-of-bounds Write vulnerability that occurs while processing the `BC TUI CMD SEND RESOURCE DATA ARRAY` command in the `bc tui` trustlet. This allows a local attacker to execute arbitrary code. **Recommendations** For versions prior to 1.3.12.1, update to version 1.3.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bc tui` trustlet to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Waterplugin versions prior to 2.2.11.22040751 **Description** The issue is related to improper handling of insufficient permissions or privileges, allowing an attacker to access sensitive device information, including the IMEI and Serial number. **Recommendations** For versions prior to 2.2.11.22040751, update to version 2.2.11.22040751 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Waterplugin versions prior to 2.2.11.22081151 **Description** The issue is related to an improper restriction of broadcasting Intent in the GalaxyStoreBridgePageLinker of the Waterplugin, which leaks the MAC address of the connected Bluetooth device. **Recommendations** For versions prior to 2.2.11.22081151, update to version 2.2.11.22081151 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to 13.2.00.6 **Description** The issue allows attackers to expose sensitive information, specifically user email or phone number, without permission in the Sign-out log. This is a case of sensitive information exposure. **Recommendations** For versions prior to 13.2.00.6, update to version 13.2.00.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Smart Things versions prior to 1.7.85.25 **Description** The issue allows local attackers to access files without permission via implicit Intent. This is due to a PendingIntent hijacking vulnerability. **Recommendations** For versions prior to 1.7.85.25, update to version 1.7.85.25 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to 13.2.00.6 **Description** The issue allows attackers to obtain an email ID through Implicit Intent hijacking. **Recommendations** For versions prior to 13.2.00.6, update to version 13.2.00.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to 13.2.00.6 **Description** The issue is related to improper privilege management, allowing attackers to access contact and gallery data without permission. **Recommendations** For versions prior to 13.2.00.6, update to version 13.2.00.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to 13.2.00.6 **Description** The issue is related to improper privilege management, allowing attackers to obtain the `access token` without permission. **Recommendations** For versions prior to 13.2.00.6, update to version 13.2.00.6 or later to resolve the issue.