PT-2020-8548 · Samsung · Tizen+1
Published: 2020-01-22 · Updated: 2020-02-03 · CVE-2018-16267
CVSS v3.1: 8.1 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Tizen versions prior to 5.0 M1
Tizen-based firmware, including the Samsung Galaxy Gear series, before build RE2
Description:
The system-popup system service in Tizen has improper D-Bus security policy configurations, allowing an unprivileged process to perform popup-related system actions. These actions include triggering the system poweroff menu and prompting a popup with arbitrary strings.
Recommendations:
For Tizen versions prior to 5.0 M1, update to version 5.0 M1 or later to resolve the issue.
For Tizen-based firmware, including the Samsung Galaxy Gear series, before build RE2, update to build RE2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the system-popup system service to minimize the risk of exploitation.
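An added example (not part of the advisory and not Tizen's own code): a Python check that reads a D-Bus policy file and reports destinations that the default context lets any bus client message, which is the configuration class named in the description and the thing the workaround would restrict. The bus name org.example.popup, the group system_fw and both policy documents are constructed placeholders, and only standard D-Bus policy elements are assumed.

```python
import xml.etree.ElementTree as ET

# Constructed policy files; org.example.popup and system_fw are placeholders.
WEAK_POLICY = """<busconfig>
  <policy user="root">
    <allow own="org.example.popup"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.example.popup"/>
  </policy>
</busconfig>"""

HARDENED_POLICY = """<busconfig>
  <policy user="root">
    <allow own="org.example.popup"/>
    <allow send_destination="org.example.popup"/>
  </policy>
  <policy group="system_fw">
    <allow send_destination="org.example.popup"/>
  </policy>
  <policy context="default">
    <deny send_destination="org.example.popup"/>
  </policy>
</busconfig>"""


def default_reachable(policy_xml):
    """Return {destination: scope} left open by <policy context="default">.
    A later blanket <deny> closes a destination; narrower denies are ignored,
    so the result errs toward over-reporting."""
    open_dests = {}
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("context") != "default":
            continue  # user/group policies only widen access for named principals
        for rule in policy:
            dest = rule.get("send_destination")
            if dest is None or rule.tag not in ("allow", "deny"):
                continue
            narrowed = rule.get("send_interface") or rule.get("send_member")
            if rule.tag == "allow":
                open_dests[dest] = narrowed or "any interface or member"
            elif not narrowed:
                open_dests.pop(dest, None)
    return open_dests


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, default_reachable(doc))
```
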
Fix
Improper Privilege Management
Affected Products
Samsung Galaxy Gear
Tizen