ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Link | Tags |
---|---|
http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html | vdb entry third party advisory |
http://www.securityfocus.com/archive/1/538113/100/0/threaded | mailing list |