PT-2016-7781 · Samsung · Samsung Mobile S7

Published

2016-11-23

Updated

2016-11-29

CVE-2016-9567

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Samsung Mobile S7 devices with M(6.0) software

Description The issue affects the mDNIe system service, which does not properly restrict setmDNIeScreenCurtain API calls. This enables attackers to control a device's screen, potentially allowing them to eavesdrop after phone shutdown or record conversations via a crafted application.

Recommendations For Samsung Mobile S7 devices with M(6.0) software, consider restricting access to the setmDNIeScreenCurtain API until a patch is available. As a temporary workaround, disabling the mDNIe system service may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-9567

Affected Products

Samsung Mobile S7

PT-2016-7781 · Samsung · Samsung Mobile S7

CVE-2016-9567

Weakness Enumeration

Related Identifiers

Affected Products

References · 4