ZDI-CAN-15918: (Pwn2Own) Samsung Galaxy S21 loadUrl Open Redirect Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Galaxy S21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-15918?
ZDI-CAN-15918 has been classified with a high severity rating due to the ability of local attackers to execute arbitrary code.
How do I fix ZDI-CAN-15918?
To fix ZDI-CAN-15918, users should apply the latest security updates provided by Samsung for the Galaxy S21.
Who is affected by ZDI-CAN-15918?
ZDI-CAN-15918 affects users of Samsung Galaxy S21 phones.
Can ZDI-CAN-15918 be exploited remotely?
No, ZDI-CAN-15918 requires local access to the device for exploitation.
What are the implications of ZDI-CAN-15918?
The implications of ZDI-CAN-15918 include potential unauthorized access and control over the affected device.
- agent/references
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-621
- alias/ZDI-CAN-15918
- alias/CVE-2022-1230
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/tags
- agent/source
- vendor/samsung
- canonical/samsung galaxy s21