Samsung Fixes Privilege Escalation Flaw

Wednesday, June 15, 2016 @ 04:06 PM gHale


Samsung patched a vulnerability in its SW Update application.

The vulnerability could allow an attacker to elevate privileges on systems that use the utility, researchers said.

RELATED STORIES
Google Patches Android, Qualcomm Holes
LG Fixes Device Vulnerabilities
Androids Suffer from Mediaserver Attack
Androids Suffer from Wi-Fi Fault

SW Update, an application pre-installed on Samsung computers, helps users easily update their software and drivers.

The tool suffers from a vulnerability that can end up exploited by an authenticated attacker to escalate their privileges, said Benjamin Gnahm of Blue Frost Security.

SW Update installs a service called SWUpdateService, which has SYSTEM privileges, Gnahm said. The application’s binary is in a ProgramData folder where any authenticated user can create new files. When SWUpdateService launches, it attempts to load several DLL files from this directory. While these DLL files don’t exist, they can end up created by a user and they will get executed with SYSTEM privileges when the service starts.

This allows an attacker to gain complete control over the system by placing specially crafted DLLs in the SW Update folder. Gnahm said while an attacker with the privileges of a normal user is not able to restart the service, they can simply restart the device or wait until the victim reboots it.

This vulnerability can be highly useful for a malicious actor who already gained limited access to the targeted system.

The flaw ended up reported to Samsung April 25 and the company patched it one month later with the release of SW Update 2.2.7.24. As a workaround, the access control list (ACL) can end up configured so normal users cannot write files to the application’s folder.