New CVEs Issued on Tizen Vulnerabilities

In summer 2018, Dongsung Kim has demonstrated Tizen vulnerability exploits which enables Samsung Gear apps to control paired smartphone without permissions. Our members have reported these security issues to Samsung Electronics, and had a presentation at DEF CON 26.

Finally, the response has come! In regards to this remote execution attack created 11 new Common Vulnerabilities and Exposures (CVE) IDs.

The following CVE entries are reserved for Dongsung’s research but not published yet. We will bring updates here when these CVEs become public.

CVE-2018-16262
CVE-2018-16263
CVE-2018-16264
CVE-2018-16265
CVE-2018-16266
CVE-2018-16267
CVE-2018-16268
CVE-2018-16269
CVE-2018-16270
CVE-2018-16271
CVE-2018-16272