First published: Wed Nov 23 2016(Updated: )
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Samsung Mobile | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-9567 is considered a high severity vulnerability due to its potential to allow unauthorized control over a device's screen.
CVE-2016-9567 affects Samsung Mobile S7 devices running Android 6.0, allowing attackers to misuse the mDNIe system service.
To fix CVE-2016-9567, users should update their devices to the latest firmware version provided by Samsung.
Exploitation of CVE-2016-9567 can enable attackers to eavesdrop on communications or record conversations through a crafted application.
CVE-2016-9567 has been specifically identified in Samsung Mobile S7 devices with the M(6.0) software version and is not documented for other devices.