Date: Wed, 25 Sep 2019 21:52:55 +0800
From: "flanker" <>
To: "fulldisclosure" <>
Subject: [FD] [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component

[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component

Samsung Text-to-speech Engine System Component on Android

The Text-to-speech Engine (aka SamsungTTS) before for Android allows a local attacker to escalate privilege, e.g., to system privilege. This issue was reported to, and confirmed and patched by, the Samsung Mobile Security Rewards Program under case ID 101755.

Patched version:
- Android N, O or older:
- Android P:

A successful local attack can obtain system privilege on vulnerable phones.

Update the TTS component via the Galaxy AppStore to the newest version, or to a version later than the patched versions listed above.

Discovered by Qidan He (a.k.a. Edward Flanker, @flanker_hqd). Details about this vulnerability will be released shortly after confirmation from Samsung Mobile, for responsible disclosure.

Qidan (a.k.a Flanker)

Sent through the Full Disclosure mailing list