Samsung Reveals Critical Vulnerabilities in All Smartphones Released After 2014

A patch to fix the vulnerability has been released by Samsung, although it remains unclear when owners of Samsung Galaxy devices will receive it, as even newly-released smartphones are vulnerable.


As monthly security updates for Samsung roll out, Google’s Project Zero researchers revealed details on a vulnerability in Samsung Android smartphones released in or after 2014. The bug was initially reported to Samsung in January.

The vulnerability is connected with how the Android operating system (OS) processes images of a particular format. An exploit using the vulnerability could potentially allow an intruder to gain control of the device through code executed on the smartphone.

Samsung Galaxy smartphones handle images in the .qmg file format through the Skia library, something that a user has no control over. Mateusz Jurczyk, a Project Zero researcher who discovered the vulnerability, proved his disclosure by creating a series of MMS messages that were sent to a Samsung Galaxy 10+. The messages then located the Skia library on the device and delivered the exploit, which, if performed by those with criminal intent, could contain malicious code that can be remotely executed.

The code would be able to overwrite memory in the device almost immediately upon arrival via MMS, and a user does not have to open or interact with the message. Moreover, a user would not know their smartphone was under attack, as this ‘zero-click’ technology can avoid alerting a user as to what is happening.

“I have found ways to get MMS messages fully processed without triggering a notification sound on Android, so fully stealth attacks might be possible,” Jurczyk said to ZDNet.

The Samsung Android OS weak spot is being tracked as CVE-2020-8899 and is described as:

“An unauthenticated, unauthorized attacker sending a specially-crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction.”

Following the discovery, Samsung released updates that contain a patch that appears to overcome the problem. However, it is not yet clear when Samsung owners will be able to obtain this patch, as even newly-released devices like the Galaxy 10+ are yet to receive it.

Similar vulnerabilities in the Apple ecosystem were discovered by Google researchers at the end of April, revealing that the Mac IOS could be affected by data received from outside sources without the knowledge of, or interaction by, the user, particularly if users do not update their devices. – CULLED FROM SPUTNIKNEWS
