CERT-In, the Computer Emergency Response Team of India, has issued a crucial alert to Samsung smartphone users nationwide, emphasizing the urgent need to update their devices. The advisory specifically addresses security vulnerabilities identified in Samsung devices running on Android versions 11, 12, 13, and 14.
Exploitation of these vulnerabilities could potentially lead to unauthorized access to sensitive data stored on the affected devices. It is imperative for users to promptly update their Samsung smartphones to mitigate this security threat.
CERT-In has classified the risk as high, underscoring the possibility of attackers leveraging these vulnerabilities to bypass security protocols, gain access to confidential information, and execute unauthorized code on targeted systems. The recognized vulnerabilities present a potential threat to multiple components within the Samsung ecosystem.
The comprehensive examination conducted by the government's cybersecurity team unveils various potential issues. These include inadequate access control in Knox features, integer overflow vulnerabilities in facial recognition software, authorization issues with the AR Emoji app, mishandling of errors in Knox security software, and several memory corruption vulnerabilities in diverse system components.
Furthermore, the identified vulnerabilities encompass concerns such as incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and the hijacking of specific app interactions in contacts.
If an attacker successfully exploits these vulnerabilities, the ramifications could be severe. The official statement details potential outcomes, which include triggering heap overflow and stack-based buffer overflow, obtaining the device SIM PIN, broadcasting with elevated privilege, reading sandbox data of AR Emoji, bypassing Knox Guard lock by altering system time, accessing arbitrary files, gaining entry to sensitive information, executing arbitrary code, and compromising the targeted system.
Crucially, the impacted Samsung Mobile Android versions comprise 11, 12, 13, and 14. Vulnerable devices include widely-used models like the Samsung Galaxy S23 series, Samsung Galaxy Z Flip 5, Samsung Galaxy Z Fold 5, and others.
To address the risks linked to these vulnerabilities, users are strongly encouraged to implement the following precautions:
This urgent advisory is aimed at safeguarding Samsung users from potential security threats and underscores the significance of taking proactive measures to secure their devices.
