The Indian government has issued a warning to Samsung users, urging them to promptly update their devices due to a security issue. The Computer Emergency Response Team of India (CERT-In) has identified vulnerabilities in Samsung phones operating on Android versions 11, 12, 13, and 14, making them susceptible to potential exploitation by attackers who could access and retrieve data without the user’s awareness.
Security Alert: Assessing Critical Vulnerabilities Across the Samsung Ecosystem
The high-risk advisory states that these vulnerabilities could allow attackers to bypass security restrictions, gain access to sensitive information, and execute arbitrary code on targeted systems. CERT-In has disclosed that the vulnerabilities extend to various components within the Samsung ecosystem.
According to the government’s cybersecurity team, the identified vulnerabilities encompass issues such as improper access control in Knox features, an integer overflow flaw in facial recognition software, authorization concerns with the AR Emoji app, mishandling of errors in Knox security software, multiple memory corruption vulnerabilities in various system components, incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and the potential for hijacking specific app interactions in contacts.
Critical Security Advisory: Urgent Update for Samsung Users Amid Identified Vulnerabilities
If these vulnerabilities are successfully exploited, the consequences could be severe. An attacker might trigger a heap overflow and a stack-based buffer overflow, access the device SIM PIN, send broadcasts with elevated privilege, read AR Emoji sandbox data, bypass Knox Guard lock by altering system time, access arbitrary files, obtain sensitive information, execute arbitrary code, and compromise the targeted system.
These vulnerabilities impact Samsung Mobile Android versions 11, 12, 13, and 14, affecting devices such as the Galaxy S23 series, Galaxy Z Flip5, Galaxy Z Fold5, and others. To safeguard against potential risks, users are advised to update their devices promptly: open the phone settings, then go to About device > Software update > Download and install.
In related news, Apple’s cybersecurity team has engaged in a discussion with CERT-In regarding notification alerts sent to some prominent iPhone users in India. Last month, Apple notified certain individuals of ‘state-sponsored attackers attempting to remotely compromise’ iPhones belonging to leaders in the opposition party, sparking concerns about potential government-sponsored hacking attempts.