PT-2019-14194 · Samsung · Com.Samsung.Android.Themecenter+1

Published

2019-11-14

Updated

2020-08-24

CVE-2019-15465

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys com.samsung.android.themecenter app version 7.0.1.0

Description The issue concerns a pre-installed app on the Samsung J7 Pro Android device that allows other pre-installed apps to install apps via an accessible component. This capability can be accessed by any pre-installed app that obtains the required signatureOrSystem permissions.

Recommendations For the Samsung J7 Pro Android device, consider restricting the com.samsung.android.themecenter app's capabilities to prevent unauthorized app installations. For the com.samsung.android.themecenter app version 7.0.1.0, avoid using the app's installation feature until a fix is provided.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-15465

Affected Products

Samsung J7 Pro

Com.Samsung.Android.Themecenter

PT-2019-14194 · Samsung · Com.Samsung.Android.Themecenter+1

CVE-2019-15465

Related Identifiers

Affected Products

References · 2