PT-2020-7917 · Samsung · Samsung Mobile Devices

Published: 2020-04-10 · Updated: 2020-04-13 · CVE-2015-9546

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Samsung mobile devices with KK(4.4) and later software through 2015-06-16
Description: An issue was discovered where HTTP is used for an Inputmethod, rather than HTTPS, allowing a man-in-the-middle attacker to modify the client-server data stream and insert directory traversal sequences into an extracted file path.
Recommendations: For Samsung mobile devices with KK(4.4) and later software through 2015-06-16, consider disabling the use of HTTP for Inputmethod until a secure connection method, such as HTTPS, is implemented. Restrict access to sensitive data and functions to minimize the risk of exploitation.
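
Added example (not part of the original advisory and not Samsung's code): a client-side check that defends against the issue described above by verifying the downloaded payload and rejecting any entry whose path resolves outside the destination directory. It assumes the payload is a ZIP archive and that a SHA-256 digest is pinned or delivered over an authenticated channel; `safe_extract`, `build_zip` and `UnsafeArchive` are hypothetical names.

```python
import hashlib
import io
import os
import zipfile


class UnsafeArchive(Exception):
    """Raised when the archive fails the integrity or path checks."""


def safe_extract(archive: bytes, dest_dir: str, pinned_sha256: str) -> list:
    # 1. Integrity: the digest is assumed to come from an authenticated
    #    source, so a payload modified in transit is rejected up front.
    if hashlib.sha256(archive).hexdigest() != pinned_sha256:
        raise UnsafeArchive("digest mismatch")
    root = os.path.realpath(dest_dir)
    planned = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        # 2. Validate every entry name before anything is written to disk.
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if target == root or os.path.commonpath([root, target]) != root:
                raise UnsafeArchive("entry escapes destination: %r" % info.filename)
            planned.append((info, target))
        # 3. Only a fully validated archive is extracted.
        written = []
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def build_zip(entries: dict) -> bytes:
    """Build a constructed sample archive in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

The path check alone does not replace transport security: without HTTPS or a verified digest, the file contents can still be altered in transit.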

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2015-9546

Affected Products

Samsung Mobile Devices