Samsung Mobile Android SamsungTTS Privilege Escalation

The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before and are affected.

MD5 | 8f7af7fb883fdaea5d4b41303321e322

[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component

Samsung Text-to-speech Engine System Component on Android

The Text-to-speech Engine (aka SamsungTTS) before for Android allows a local attacker to escalate privilege, e.g., to system privilege. This issue was reported to, and confirmed and patched by, the Samsung Mobile Security Rewards Program under case ID 101755.

Patched version:
- Android N, O or older:
- Android P:

A successful local attack can obtain system privilege on vulnerable phones.

Update the TTS component via the Galaxy AppStore to the newest version, or to a version later than the patched versions listed above.

Discovered by Qidan He (a.k.a. Edward Flanker, @flanker_hqd). Details about this vulnerability will be released shortly after confirmation from Samsung Mobile, for responsible disclosure.

Qidan (a.k.a Flanker)
