Multiple vulnerabilities in the Samsung Galaxy S6 Edge

Posted: November 11, 2015 in Vulnerabilities
Tags: , ,


Samsung Galaxy S6 EdgeInformation security experts have found 11 flaws in the Samsung Galaxy S6 Edge

Information security experts from Google Project Zero found the eleven dangerous vulnerabilities in Galaxy S6 Edge from Samsung, and was immediately reported to the manufacturer.

Samsung released the update which fixes eight holes in October this year. Three the least dangerous vulnerabilities will be eliminated this month.

Natalie Silvanovich from Project Zero said: “The majority of these issues were fixed on the device we tested via an over-the-air update within 90 days, though three lower-severity issues remain unfixed.”

Multiple vulnerabilities in the Samsung Galaxy S6 Edge

Danger: High
Availability correction: Partially
The number of vulnerabilities: 11

CVE ID:

CVE-2015-7888
CVE-2015-7889
CVE-2015-7890
CVE-2015-7891
CVE-2015-7892
CVE-2015-7893
CVE-2015-7894
CVE-2015-7895
CVE-2015-7896
CVE-2015-7897
CVE-2015-7898

An attack vector: Remote
Impact: Disclosure of System Data, Unauthorized modification of data, System Compromise

Affected Products: Samsung Galaxy S6 Edge
Affected versions: Samsung Galaxy S6 Edge (firmware version up to G925VVRU4B0G9)

Vulnerabilities Description

These vulnerabilities allows remote users to disclose sensitive data, unauthorized change data and compromise a system.

[CVE-2015-7888] The vulnerability is caused due to an error in the directory traversal Samsung WifiHs20UtilityService. This can be exploited to unauthorized change of data.

[CVE-2015-7889] A vulnerability is caused due to insufficient authentication Samsung SecEmailComposer. This can be exploited to disclose of sensitive data.

[CVE-2015-7890, CVE-2015-7891, CVE-2015-7892] These vulnerabilities is due to a buffer overflow in the device driver. This can be exploited to compromise of the system.

[CVE-2015-7893: Unfixed] A vulnerability is caused due to insufficient validation of data in the Samsung SecEmailUI. This can be exploited via a specially crafted link to execute arbitrary script code in a user’s browser session in context of an affected site.

[CVE-2015-7894, CVE-2015-7895: Unfixed, CVE-2015-7896, CVE-2015-7897, CVE-2015-7898: Unfixed] These vulnerabilities is caused due to an error in memory corruption in Gallery. This can be exploited to compromise of the system.

Note: Using of vulnerabilities # 8 (CVE-2015-7895) and # 11 (CVE-2015-7898) require a specially crafted file to be opened in Samsung Gallery.

Solution: Install the update from the manufacturer. Vulnerabilities #2, #8 and #11 will not be patched until November.


Samsung LogoSamsung is a South Korean multinational conglomerate company headquartered in Samsung Town, Seoul. It comprises numerous subsidiaries and affiliated businesses.

Website: http://samsung.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s