The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle. Rated low severity (CVSS 2.9). Public exploit code available and no vendor patch available.
RCE
Samsung
Swiftkey Sdk
NVD
GitHub
CVSS 2.0
2.9
EPSS
0.2%