From 39980c7e8797ad5bfc9553ebf8dba79ff1c651af Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 17 Nov 2014 13:29:00 -0600 Subject: [PATCH] Fix up KNOX caps, descriptive description --- modules/exploits/android/browser/samsung_knox_smdm_url.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/exploits/android/browser/samsung_knox_smdm_url.rb b/modules/exploits/android/browser/samsung_knox_smdm_url.rb index 0bc0c5fa1e..4616753613 100644 --- a/modules/exploits/android/browser/samsung_knox_smdm_url.rb +++ b/modules/exploits/android/browser/samsung_knox_smdm_url.rb @@ -16,11 +16,12 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Samsung Galaxy Knox Android Browser RCE', + 'Name' => 'Samsung Galaxy KNOX Android Browser RCE', 'Description' => %q{ - A vulnerability exists in the Knox security component of the Samsung Galaxy + A vulnerability exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary - permissions. + permissions by abusing the 'smdm://' protocol handler registered by the KNOX + component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.