PT-2020-8552 · Samsung · Tizen+1

Published: 2020-01-22 · Updated: 2020-01-30 · CVE-2018-16271

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: wemail consumer service, versions prior to build RE2
Description: The issue arises from an improper D-Bus security policy configuration in the wemail consumer service, part of the built-in wemail application on Samsung Galaxy Gear series devices. The misconfigured policy allows an unprivileged process to manipulate a user's mailbox and, through the paired smartphone, to send arbitrary emails from that mailbox. This issue affects devices running Tizen-based firmware, specifically Samsung Galaxy Gear series devices before build RE2.
Recommendations: For versions prior to build RE2, update the firmware to a version that includes the corrected security policy configuration, so that unprivileged processes can no longer manipulate the mailbox. As a temporary workaround, consider restricting access to the wemail consumer service to minimize the risk of exploitation.


Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2018-16271

Affected Products

Tizen
Wemail Consumer Service