CVE-2015-4640

NONECVSS 0.0

0.0

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.

🔗 References (12)

cve@mitrehttp://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
cve@mitrehttp://www.kb.cert.org/vuls/id/155412
cve@mitrehttp://www.securityfocus.com/bid/75347
cve@mitrehttps://github.com/nowsecure/samsung-ime-rce-poc/
cve@mitrehttps://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
cve@mitrehttps://www.nowsecure.com/keyboard-vulnerability/
af854a3a-2127-422b-91ae-364da2661108http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/155412
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75347
af854a3a-2127-422b-91ae-364da2661108https://github.com/nowsecure/samsung-ime-rce-poc/
af854a3a-2127-422b-91ae-364da2661108https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
af854a3a-2127-422b-91ae-364da2661108https://www.nowsecure.com/keyboard-vulnerability/

Is Your Infrastructure Affected by CVE-2015-4640?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-4640

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-4640?