PT-2023-22907 · Samsung · Samsung Keyboard
Published
2023-09-05
·
Updated
2023-09-09
·
CVE-2023-30707
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Samsung Keyboard versions prior to SMR Sep-2023 Release 1
Description
The issue is related to an improper input validation vulnerability in the FileProviderStatusReceiver component of the Samsung Keyboard. This vulnerability allows local attackers to delete arbitrary files with the privilege of the Samsung Keyboard.
Recommendations
For Samsung Keyboard versions prior to SMR Sep-2023 Release 1, update to a version released after SMR Sep-2023 Release 1 to resolve the issue. As a temporary workaround, consider restricting the privileges of the Samsung Keyboard to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Samsung Keyboard