CVE-2024-49407

4.6 MEDIUM

📋 TL;DR

An improper access control vulnerability in the Samsung Flow Android app (versions before 4.9.15.7) lets an attacker with physical access to a device read data belonging to other user profiles on that same device. Only devices with more than one user profile configured are exposed. The flaw is not remotely exploitable: the attacker has to be holding the device.

💻 Affected Systems

Products:
  • Samsung Flow
Versions: All versions prior to 4.9.15.7
Operating Systems: Android, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Samsung Flow with multiple user profiles configured and physical access to device.

📦 What is this software?

Samsung Flow is Samsung's companion app that pairs a Galaxy phone or tablet with a Windows PC (or a Galaxy tablet) to sync notifications, transfer files and clipboard contents, mirror the phone screen and share the phone's hotspot. The Android side of the app is what this advisory concerns; Android supports several user profiles on one device, and Flow is expected to keep each profile's data separate.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Physical attacker gains unauthorized access to sensitive data from other user profiles including personal files, messages, and application data.

🟠

Likely Case

Physical attacker accesses limited data from other profiles during brief physical access to an unlocked device.

🟢

If Mitigated

Samsung Flow updated to 4.9.15.7 or later (or disabled in every profile): no cross-profile data access. Device locking and physical security controls further shrink the window in which an attacker could use the flaw.

🌐 Internet-Facing: LOW - Requires physical device access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical access threats exist in shared device environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires hands-on access to the device, most plausibly while it is unlocked, and likely some interaction with the Samsung Flow UI. No network access and no credentials are needed, which is why the complexity is rated low despite the physical-access requirement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.15.7

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11

Restart Required: Yes

Instructions:

1. Open the Galaxy Store (or Google Play) on the device and check Samsung Flow for updates, or open Samsung Flow and check for updates in its settings.
2. Update to version 4.9.15.7 or later.
3. The installed package version is shared by all user profiles on the device, so one update covers every profile; confirm the version from each profile if in doubt.
4. Restart the device after the update.

🔧 Temporary Workarounds

Disable Samsung Flow

android

Temporarily disable Samsung Flow until patched. Android keeps an app's enabled/disabled state separately per user profile, so repeat this step in every profile (or disable it for all users over adb). Disabling stops phone-to-PC notification sync, file transfer and screen mirroring until the app is re-enabled.

Settings > Apps > Samsung Flow > Disable

Use single user profile

android

Remove additional user profiles from device

Settings > Users & accounts > Users > Remove user (the exact menu path varies by Android and One UI version; removing a user deletes that user's apps and local data on the device, so back it up first)
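To apply the first workaround on a multi-user device, the following script (an added example, not from Samsung or the advisory) disables Samsung Flow in every user profile over adb. It assumes the Android package name com.samsung.android.galaxycontinuity and the `pm list users` output format of the constructed sample embedded below; USB debugging must be enabled on the device.

```shell
#!/bin/sh
# Added example: disable Samsung Flow in every Android user profile through adb.
# Assumptions (not from the advisory): package name com.samsung.android.galaxycontinuity
# and the `pm list users` output format shown in the constructed sample below.
FLOW_PKG=com.samsung.android.galaxycontinuity

# Constructed sample of `adb shell pm list users` on a device with an owner, a second user and a guest
SAMPLE_USERS='Users:
        UserInfo{0:Owner:c13} running
        UserInfo{10:Secondary user:410} running
        UserInfo{11:Guest:404}'

# parse_user_ids: print the numeric id from each UserInfo{id:name:flags} line read from stdin
parse_user_ids() {
  sed -n 's/^[[:space:]]*UserInfo{\([0-9][0-9]*\):.*/\1/p'
}

# disable_cmds: for each user id read from stdin, print the adb command that disables the
# package for that user. Android keeps the enabled/disabled state of an app separately per
# user, so disabling Flow in the owner profile alone leaves it active in the others.
disable_cmds() {
  while IFS= read -r uid; do
    [ -n "$uid" ] || continue
    printf 'adb shell pm disable-user --user %s %s\n' "$uid" "$FLOW_PKG"
  done
}

# disable_flow_all_users: query a connected device and execute the commands (needs adb + USB debugging)
disable_flow_all_users() {
  adb shell pm list users | parse_user_ids | disable_cmds | sh
}

# Dry run on the constructed sample: show the commands that would be executed
printf '%s\n' "$SAMPLE_USERS" | parse_user_ids | disable_cmds
```

Run `disable_flow_all_users` against a real device to execute the commands; after patching, re-enable the app per user with `adb shell pm enable --user <id> com.samsung.android.galaxycontinuity`.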

🧯 If You Can't Patch

  • Implement strict physical security controls for devices
  • Disable Samsung Flow feature entirely

🔍 How to Verify

Check if Vulnerable:

Open Samsung Flow and read the version shown in its settings (or look under Settings > Apps > Samsung Flow): any version below 4.9.15.7 is vulnerable.

Check Version:

adb shell dumpsys package com.samsung.android.galaxycontinuity | grep versionName

(The Android package name of Samsung Flow is com.samsung.android.galaxycontinuity; querying com.samsung.android.flow returns nothing.)

Verify Fix Applied:

Confirm Samsung Flow version is 4.9.15.7 or higher in app settings.
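A script that automates the version check, as an added example rather than anything from Samsung or the advisory. It assumes the Android package name com.samsung.android.galaxycontinuity and a constructed sample of `dumpsys package` output; the comparison is numeric field by field, so that a version such as 4.9.15.10 is correctly treated as newer than 4.9.15.7 and a plain string comparison does not mislead.

```shell
#!/bin/sh
# Added example: check whether the installed Samsung Flow is at or above the fixed version.
# Assumptions (not from the advisory): package name com.samsung.android.galaxycontinuity
# and the shape of the constructed dumpsys sample below.
FLOW_PKG=com.samsung.android.galaxycontinuity
FIXED_VERSION=4.9.15.7

# Constructed sample of `adb shell dumpsys package $FLOW_PKG` output (real output has many more fields)
SAMPLE_DUMPSYS='Packages:
  Package [com.samsung.android.galaxycontinuity] (a1b2c3d):
    userId=10123
    versionCode=490140200 minSdk=28 targetSdk=34
    versionName=4.9.14.2
    splits=[base]'

# extract_version: print the first versionName= value found in dumpsys text read from stdin
extract_version() {
  sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed (exit 0) when dotted version A >= B, comparing each numeric
# field in turn; a missing field counts as 0, so 4.9.15 < 4.9.15.7 and 4.10.0 > 4.9.15.7
version_ge() {
  a=$1
  b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    case $a in *.*) ai=${a%%.*}; a=${a#*.} ;; *) ai=$a; a= ;; esac
    case $b in *.*) bi=${b%%.*}; b=${b#*.} ;; *) bi=$b; b= ;; esac
    if [ "${ai:-0}" -gt "${bi:-0}" ]; then return 0; fi
    if [ "${ai:-0}" -lt "${bi:-0}" ]; then return 1; fi
  done
  return 0
}

# check_flow_version: classify dumpsys text from stdin; exit 0 patched, 1 vulnerable, 2 unknown
check_flow_version() {
  v=$(extract_version)
  if [ -z "$v" ]; then
    echo "UNKNOWN: no versionName found (is $FLOW_PKG installed?)"
    return 2
  fi
  if version_ge "$v" "$FIXED_VERSION"; then
    echo "PATCHED: Samsung Flow $v (>= $FIXED_VERSION)"
    return 0
  fi
  echo "VULNERABLE: Samsung Flow $v (< $FIXED_VERSION)"
  return 1
}

# check_device: run the same check against a connected device (needs adb and USB debugging)
check_device() {
  adb shell dumpsys package "$FLOW_PKG" | check_flow_version
}

# Offline demonstration on the constructed sample; the non-zero exit status is ignored so the script continues
printf '%s\n' "$SAMPLE_DUMPSYS" | check_flow_version || true
```

On a real device call `check_device`; its exit status (0 patched, 1 vulnerable, 2 unknown) makes the script usable from a fleet-check loop over `adb devices`.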

📡 Detection & Monitoring

Log Indicators:

  • Unusual user-switch events in the Android system log (logcat) on shared devices, especially outside normal working hours
  • Samsung Flow launches or pairing/connection attempts from profiles in which the app is not normally used

Network Indicators:

  • No network indicators - local physical access only

SIEM Query:

No applicable network-based SIEM query - focus on physical access monitoring

🔗 References

  • Samsung Mobile Security advisory (November 2024): https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-49407
