Arbitrary Code Execution via Directory Traversal in SwiftKey Language-Pack Update Implementation on Samsung Galaxy Devices

Arbitrary Code Execution via Directory Traversal in SwiftKey Language-Pack Update Implementation on Samsung Galaxy Devices

CVE-2015-4641 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.

Learn more about our Web App Pen Testing.