CVE-2018-10502

Name of the Vulnerable Software and Affected Versions: Samsung Galaxy Apps versions prior to 4.2.18.2

Description: This issue allows local attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of a staging mode, specifically in the ability to change the configuration based on the presence of a file in a user-controlled location. This can be leveraged to escalate privileges to resources normally protected from the application.

Recommendations: For versions prior to 4.2.18.2, update to version 4.2.18.2 to resolve the issue. As a temporary workaround, consider restricting access to the staging mode to minimize the risk of exploitation.