Vulnerability Description
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Samsungdive | - |
| Samsung | Galaxy Note 2 | - |
| Samsung | Galaxy S | - |
| Samsung | Galaxy S2 | - |
Related Weaknesses (CWE)
References
- http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html
- http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html
FAQ
What is CVE-2012-6334?
CVE-2012-6334 is a vulnerability with a CVSS score of 2.9 (LOW). The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitra...
How severe is CVE-2012-6334?
CVE-2012-6334 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6334?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Samsungdive, Samsung Galaxy Note 2, Samsung Galaxy S, Samsung Galaxy S2.