VYPR
Unrated severity · NVD Advisory · Published Sep 9, 2022 · Updated Aug 3, 2024

CVE-2022-36864

Description

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attackers to access specific formatted files and execute privileged behavior.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Samsung Email versions prior to 6.1.70.20 contain an improper access control and intent redirection vulnerability. The flaw enables an attacker to access specific formatted files and perform actions with elevated privileges. The vulnerability exists in the handling of intents, which are messaging objects used to request an action from another app component. Affected versions include all builds before 6.1.70.20.

Exploitation

An attacker can exploit this vulnerability by sending a crafted intent to the Samsung Email application. The attacker does not need physical access to the device; a malicious app installed locally on the device is sufficient. The exploitation involves launching the Email app with a specially constructed intent that bypasses access controls, allowing the attacker to read or manipulate specific formatted files and trigger privileged behavior. No additional authentication or user interaction beyond launching the app may be required if the intent is crafted to imitate a legitimate request.

Impact

Successful exploitation allows the attacker to access specific formatted files (such as sensitive email attachments or configuration files) and execute actions that should be restricted to higher privileges. This could lead to disclosure of confidential information or unauthorized operations within the Email application context. The exact scope of privileged behavior is not detailed in the references, but it is considered to have a significant impact on confidentiality and integrity.

Mitigation

Samsung has released version 6.1.70.20 of Samsung Email to address this vulnerability, as noted in the September 2022 Samsung Mobile Security maintenance release [1]. Users should update their Email app via the Galaxy Store or other official distribution channels. There are no known workarounds, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the reference publication date.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
