Samsung Mobile Improper Access Control Vulnerability in MiscPolicy

An improper access control vulnerability has been identified in the 'retrieveExternalProxy' function within the MiscPolicy component of Samsung Mobile devices. This vulnerability, present in versions Q(10), R(11), and S(12) prior to the November 2022 Security Maintenance Release, allows local attackers to access proxy information. The issue arises from inadequate access controls, which the latest update addresses by implementing proper permissions to prevent unauthorized access.

Impact

Exploitation of this vulnerability could lead to unauthorized access to proxy information, potentially allowing for interception or manipulation of network traffic.

Remediation

Users can apply the November 2022 Security Maintenance Release to address this vulnerability. This update is part of the monthly security update process and includes patches from both Google and Samsung.