0x192 / universal-android-debloater

Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
GNU General Public License v3.0

Samsung-TTS privilege-escalation vulnerability #779

Open Rudxain opened 1 year ago

Rudxain commented 1 year ago

Your phone model: (My phone isn't vulnerable)

Packages documentation to update:

com.samsung.SMT

Documentation Change

com.samsung.SMT

Removal: Advanced → Recommended

Current description

Samsung TTS (Text-to-speech) Works with applications such as S Voice; translation apps, GPS that require Text-To-Speech (TTS) functionality and reads back text https://galaxystore.samsung.com/detail/com.samsung.SMT

Proposed description

Samsung TTS (Text-to-speech) Works with applications such as S Voice; translation apps, GPS that require Text-To-Speech (TTS) functionality and reads back text https://galaxystore.samsung.com/detail/com.samsung.SMT WARNING: SOME VERSIONS OF THIS APP ARE VULNERABLE TO PRIVILEGE ESCALATION ATTACK! It can allow arbitrary RCE as system (UID 1000). Identifier: CVE-2019-16253. Source: https://github.com/flankerhqd/vendor-android-cves/tree/master/SMT-CVE-2019-16253