CVE-2023-42579

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 5, 2023

Updated: Dec 12, 2023

CWE ID 319

Summary

CVE-2023-42579 is a vulnerability affecting the SogouSDK component of the Chinese Samsung Keyboard. Versions prior to 5.3.70.1 on Android 11, 5.4.60.49, 5.4.85.5 on Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 on Android 13 utilize insecure HTTP protocol, making them susceptible to Man-in-the-Middle attacks. Attackers can exploit this vulnerability to gain access to users' keystroke data, posing a significant threat to data confidentiality. It is crucial for users to update their keyboard software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Samsung Keyboard (삼성 키보드)

Affected Vendors

Samsung

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sqJCip
https://www.cve.org/CVERecord?id=CVE-2023-42579
https://nvd.nist.gov/vuln/detail/CVE-2023-42579

Back to Vulnerability Database