Millions of Samsung Galaxies have a critical flaw

Discussion in 'Headline News' started by RickAgresta, May 7, 2020.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Samsung Confirms Critical Security Warning For Millions: Every Galaxy After 2014 Affected
    The monthly security updates from Samsung have started rolling out. If you own a Samsung smartphone that was sold from late 2014 onward, you'd better hope that update hits your device soon. Why so? Only the small matter of a "perfect 10" critical security vulnerability that can enable arbitrary remote code execution (RCE) if exploited. Oh yes, and that arbitrary RCE can happen without any user interaction needed, as this is a "zero-click" vulnerability. And if you think that sounds pretty serious, and it is, there's more to come: the vulnerability affects every Galaxy smartphone that Samsung has made from late 2014 onward.

    Perfect 10 critical vulnerability explained
    When a security issue is given a perfect 10 risk rating under the common vulnerability scoring system (CVSS), then you know it's about as dangerous as things can be. Those perfect 10 scores aren't typical, but they do crop up now and then. On this occasion, it's for a vulnerability that was uncovered by researchers working at Google's Project Zero. A critical vulnerability that exists within Samsung's handling of the Qmage image format under Android. A critical vulnerability, therefore, that has been around since late 2014 when Samsung started supporting the .qmg format in all its Galaxy smartphone devices.

    Mateusz Jurczyk, one of the Project Zero researchers who found the vulnerability, told ZDNet that it could be exploited without any user-interaction being required. A so-called zero-click attack. Indeed, it's the same kind of zero-click exploit that the Project Zero team found in the Apple ecosystem recently.

    Link to entire article:
    https://www.forbes.com/sites/daveyw...ery-galaxy-after--2014-affected/#755eb5923af7
     
    scjjtt, raspabalsa, Hook and 2 others like this.
  2. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Yeah... awesome! Patch level March 1st, 2020. I despise the update model employed by Android. Seriously. *sigh*

    I'll be waiting two months to get this patch.
     
  3. raspabalsa

    raspabalsa Brain stuck BogoMipping

    So funny... I abandoned Samsung in 2014, when I upgraded from a Galaxy Player / Galaxy S3 Mini combo to my first convergent (PDA, cellphone, media and gaming device all in one) device: Sony Xperia Z1. A couple of years later I switched to LG and remained there until December 30th, 2019. Now I have a Samsung phone again. The article says the May update patches this vulnerability. I've been getting the monthly updates about 15 to 20 days after they're released to the U.S. I guess I'll wait until later this month to have this fixed. Oh well... :vbrolleyes:
     
  4. Hook

    Hook Professional Daydreamer

    The only Samsung device I have has not a stitch of Samsung software on it. :vbwink:
     
  5. jigwashere

    jigwashere Mobile Deity

    My son says he's gotten the patch on his S10.

     
    scjjtt, RickAgresta and headcronie like this.
  6. Hook

    Hook Professional Daydreamer

    Lol. How could I forget... I do have a device with Samsung software-- just not Android. My Galaxy watch. :vbgrin:
     
  7. z22 2006 User

    z22 2006 User BHOT's Own Fluffy

    Yay, me too! Gotta love slowly rolled out Android updates and the update lifespan!
     
  8. raspabalsa

    raspabalsa Brain stuck BogoMipping

    Just got the update on my S10+. This was faster than usual, by about 2 weeks. I guess it was indeed a very grave vulnerability. It was a small update and I see no other obvious enhancements. Ah well, so long as nothing else got broke :rolleyes::D
     
    scjjtt, Hook, RickAgresta and 2 others like this.