PT-2022-13731 · Samsung · Samsung Galaxy S21

S_N_T +1 · Published 2022-04-12 · Updated 2023-04-04 · CVE-2022-1230

CVSS v3.1: 3.9 (Low)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Samsung Galaxy S21 versions prior to 4.5.40.5

Description

This issue allows local attackers to execute arbitrary code on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. This can be leveraged in conjunction with other issues to escalate privileges and execute arbitrary code in the context of the current user.

Recommendations

For versions prior to 4.5.40.5, update to version 4.5.40.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sites that may serve malicious content to minimize the risk of exploitation. Avoid using the loadUrl function until the issue is resolved.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2022-1230
ZDI-22-621

Affected Products

Samsung Galaxy S21