CVE-2019-15456

Name of the Vulnerable Software and Affected Versions Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys com.samsung.android.themecenter app version 7.0.0.0

Description The issue concerns a pre-installed app on the Samsung J6 Android device that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device that can obtain signatureOrSystem permissions required by other pre-installed apps that exported their capabilities.

Recommendations For the Samsung J6 Android device, consider restricting access to the com.samsung.android.themecenter app until a patch is available. For the com.samsung.android.themecenter app version 7.0.0.0, avoid using the app installation capability via the accessible app component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.