CVE-2019-15455

Name of the Vulnerable Software and Affected Versions Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys com.samsung.android.themecenter app version 7.0.1.0

Description The issue concerns a pre-installed app on the Samsung J5 Android device that allows other pre-installed apps to install apps via an accessible component. This capability can be accessed by any pre-installed app that obtains signatureOrSystem permissions required by other pre-installed apps that have exported their capabilities.

Recommendations For the Samsung J5 Android device with the specified build fingerprint, consider restricting the com.samsung.android.themecenter app's capabilities to prevent unauthorized app installations. For the com.samsung.android.themecenter app version 7.0.1.0, restrict access to the app component that allows other pre-installed apps to perform app installations until a fix is available.