PT-2023-28449 · Samsung+2 · Samsung Keyboard+4

Published: 2023-12-04 · Updated: 2023-12-12 · CVE-2023-42579

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SogouSDK of Chinese Samsung Keyboard versions prior to 5.3.70.1 in Android 11
SogouSDK of Chinese Samsung Keyboard versions prior to 5.4.60.49 in Android 11
SogouSDK of Chinese Samsung Keyboard versions prior to 5.4.85.5 in Android 11
SogouSDK of Chinese Samsung Keyboard versions prior to 5.5.00.58 in Android 12
SogouSDK of Chinese Samsung Keyboard versions prior to 5.6.00.52 in Android 13
SogouSDK of Chinese Samsung Keyboard versions prior to 5.6.10.42 in Android 13
SogouSDK of Chinese Samsung Keyboard versions prior to 5.7.00.45 in Android 13

Description

The SogouSDK of the Chinese Samsung Keyboard improperly uses an insecure protocol (HTTP). This allows adjacent attackers to access keystroke data using a Man-in-the-Middle attack.

Recommendations

For versions prior to 5.3.70.1 in Android 11, update to version 5.3.70.1 or later.
For versions prior to 5.5.00.58 in Android 12, update to version 5.5.00.58 or later.
For versions prior to 5.7.00.45 in Android 13, update to version 5.7.00.45 or later.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-42579

Affected Products

Android 11
Android 12
Android 13
Samsung Keyboard
SogouSDK