CVE-2024-20872

6.2 MEDIUM

📋 TL;DR

This vulnerability lets a local attacker who lacks the required privileges modify TalkbackSE settings on Samsung Android devices. Per the advisory it affects Samsung devices running Android releases before Android 14 on which TalkbackSE is enabled. Exploitation needs physical access to the unlocked device or code already running on it (for example a malicious app); there is no remote attack path.

💻 Affected Systems

Products:
  • Samsung Android devices with TalkbackSE
Versions: Android versions prior to Android 14
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices on which TalkbackSE (Samsung's TalkBack screen reader, delivered as an accessibility service) is installed and enabled. Most Samsung Android devices ship with it preinstalled, but like any accessibility service it has to be switched on under Settings > Accessibility before it runs.

📦 What is this software?

Android by Samsung

Android is Google's open-source mobile operating system powering over 3 billion devices worldwide, including smartphones, tablets, smart TVs, automotive systems, wearables, and IoT devices. As the world's dominant mobile OS with approximately 72% global market share, Android serves as the foundation...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could disable accessibility features for visually impaired users, potentially locking them out of device functionality or enabling other attacks through modified settings.

🟠

Likely Case

A local attacker, typically a malicious app already installed on the device, alters TalkbackSE settings to disrupt the accessibility service for the user or to keep a foothold through the modified configuration.

🟢

If Mitigated

With the May 2024 security update installed, or TalkbackSE turned off until it can be, the issue is closed. On unpatched devices that are at least MDM-managed with restricted physical access, the impact stays confined to a local attacker changing accessibility settings; nothing in the advisory points to a wider escalation.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring physical access or local code execution.
🏢 Internal Only: MEDIUM - On corporate-managed Samsung devices, local attackers could abuse this to modify accessibility settings or maintain persistence.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the device. No public exploit code has been disclosed as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2024 Samsung security update (Android 14 builds at that patch level or later)

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=05

Restart Required: Yes

Instructions:

1. Open Settings > Software update and check for updates.
2. Install the May 2024 security update (or any later one).
3. Where the device is eligible, take the Android 14 upgrade as well.
4. Restart the device after the update completes.

🔧 Temporary Workarounds

Disable TalkbackSE

Temporarily disable the vulnerable accessibility service until patching is possible (this removes the screen reader for users who depend on it, so coordinate with them first):

Settings > Accessibility > Installed services > TalkbackSE > Off

🧯 If You Can't Patch

  • Restrict physical access to vulnerable devices
  • Implement mobile device management (MDM) to control accessibility service permissions

🔍 How to Verify

Check if Vulnerable:

Open Settings > About phone > Software information and read both the Android version and the security patch level. A device reporting an Android version below 14 and a security patch level earlier than May 2024, with TalkbackSE enabled, is vulnerable.

Check Version:

Settings > About phone > Software information. With USB debugging enabled, the same values can be read over ADB: `adb shell getprop ro.build.version.release` (Android version) and `adb shell getprop ro.build.version.security_patch` (patch level, formatted YYYY-MM-DD); `adb shell settings get secure enabled_accessibility_services` lists the accessibility services currently switched on.

Verify Fix Applied:

Confirm in Settings > About phone > Software information that the device reports Android 14 or later, or a security patch level of May 2024 or newer, and that the device was restarted after the update.
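The check above, scripted for a fleet of devices reachable over ADB. This is an added example, not part of the Samsung advisory: it applies the page's rule (vulnerable when the Android version is below 14, the patch level is earlier than May 2024, and TalkbackSE is enabled) to the three values a device reports. The TalkbackSE package name is an assumption; confirm it on a real device with `adb shell pm list packages | grep -i talkback`. The sample values in the `demo` function are constructed.

```shell
#!/bin/sh
# Added triage helper for CVE-2024-20872 (example code, not from the advisory).
# Inputs, as reported by the device:
#   release  = getprop ro.build.version.release        (e.g. "13")
#   patch    = getprop ro.build.version.security_patch (e.g. "2024-04-01")
#   services = settings get secure enabled_accessibility_services
#              (colon-separated "package/ServiceClass" entries, or "null")

# ASSUMED package name of Samsung's TalkbackSE; override via the environment.
TALKBACK_PKG="${TALKBACK_PKG:-com.samsung.android.accessibility.talkback}"
FIXED_PATCH_INT=20240501   # May 2024 security update, per the advisory

# True when the patch level (YYYY-MM-DD) is May 2024 or newer.
# An unparseable level is treated as unpatched rather than silently passed.
patch_is_fixed() {
    n=$(printf '%s' "$1" | sed 's/-//g')
    case "$n" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) [ "$n" -ge "$FIXED_PATCH_INT" ] ;;
        *) return 1 ;;
    esac
}

# True when the Android major version is 14 or later.
release_is_fixed() {
    major=${1%%.*}
    case "$major" in
        ''|*[!0-9]*) return 1 ;;
        *) [ "$major" -ge 14 ] ;;
    esac
}

# True when any enabled accessibility service belongs to the given package.
service_enabled() {
    pkg=$1; list=$2
    case ":$list:" in
        *":$pkg/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one of: not-affected, patched, vulnerable
assess() {
    release=$1; patch=$2; services=$3
    if ! service_enabled "$TALKBACK_PKG" "$services"; then
        echo not-affected
    elif release_is_fixed "$release" || patch_is_fixed "$patch"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Reads the three values from the connected device (requires adb + USB debugging).
assess_device() {
    assess "$(adb shell getprop ro.build.version.release | tr -d '\r')" \
           "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')" \
           "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
}

# Constructed sample inputs showing each outcome.
demo() {
    se="$TALKBACK_PKG/.TalkBackService"
    echo "13 / 2024-04-01 / TalkbackSE on : $(assess 13 2024-04-01 "$se")"
    echo "13 / 2024-05-01 / TalkbackSE on : $(assess 13 2024-05-01 "$se")"
    echo "14 / 2024-03-01 / TalkbackSE on : $(assess 14 2024-03-01 "$se")"
    echo "13 / 2024-04-01 / no services   : $(assess 13 2024-04-01 null)"
}

[ "${1:-}" = "--device" ] && assess_device
[ "${1:-}" = "--demo" ] && demo
```

Run it with `--demo` to see the constructed cases, or `--device` with a phone attached. The `enabled_accessibility_services` value it reads is also the thing to snapshot per device if you want a baseline for the monitoring section: a new entry appearing in that list on a managed device is the concrete form of "unexpected modification to accessibility settings".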

📡 Detection & Monitoring

Log Indicators:

  • Unexpected modifications to accessibility settings in system logs
  • TalkbackSE service permission changes

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Not applicable for local device vulnerabilities without network component
