ZDI-22-621: (Pwn2Own) Samsung Galaxy S21 loadUrl Open Redirect Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Galaxy S21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-22-621?
The severity of ZDI-22-621 is high, as it allows local attackers to execute arbitrary code on affected Samsung Galaxy S21 devices.
How do I fix ZDI-22-621?
To fix ZDI-22-621, update the software on your Samsung Galaxy S21 to the latest version provided by Samsung.
Who is affected by ZDI-22-621?
ZDI-22-621 affects users of Samsung Galaxy S21 smartphones.
What kind of attack does ZDI-22-621 enable?
ZDI-22-621 enables local attackers to execute arbitrary code on affected Samsung Galaxy S21 devices.
Is remote access needed to exploit ZDI-22-621?
No, an attacker must first obtain the ability to execute low-privileged code locally on the target Samsung Galaxy S21.
- agent/references
- agent/type
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-621
- alias/ZDI-CAN-15918
- alias/CVE-2022-1230
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/samsung
- canonical/samsung galaxy s21