The Indian government, through the Computer Emergency Response Team of India (CERT-In), has issued a high-risk warning to users of Samsung Galaxy phones.
The alert, identified as CERT-In Vulnerability Note CIVN-2023-0360, points to critical security vulnerabilities in Samsung Mobile Android versions 11, 12, 13, and 14.
According to CERT-In, These severe vulnerabilities could allow attackers to bypass security measures, access sensitive information, and execute arbitrary code on targeted systems.
CERT-In's research reveals multiple vulnerabilities, including improper access control in Knox features, an integer overflow flaw in facial recognition software, authorization issues with the AR Emoji app, and incorrect handling of errors in Knox security software.
Additionally, there are multiple memory corruption vulnerabilities in various system components, incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and hijacking of certain app interactions in contacts, it said.
CERTN-In said the attackers might trigger a heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcasts with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, and compromise the targeted system.
The threat extends to various Samsung devices, including the Galaxy S23 series, Galaxy Z Flip5, Galaxy Z Fold5, and more.
Samsung has released software patches to address these issues. Users are advised to: apply security updates, exercise caution, update apps regularly, install apps from trusted sources, be cautious while clicking links.
{{ primary_category.name }}