CVE-2019-15443

Name of the Vulnerable Software and Affected Versions Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys com.samsung.android.themecenter app version 7.0.1.0

Description The issue concerns a pre-installed app on the Samsung J7 Max Android device that allows other pre-installed apps to install apps via an accessible component. This capability can be accessed by any pre-installed app that obtains the required signatureOrSystem permissions.

Recommendations For the Samsung J7 Max Android device, consider restricting the com.samsung.android.themecenter app's capabilities to prevent unauthorized app installations until a patch is available. For the com.samsung.android.themecenter app version 7.0.1.0, avoid using the app's installation feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.