Samsung Mobile Phones Found to Have Zero-Click Vulnerability

A zero-click vulnerability in Samsung mobile phones can, if exploited, give threat actors access to all the privileges and permissions connected to Samsung Messenger. No interaction by the user would be necessary.

What is happening


This vulnerability exists only in Samsung phones running Android 4.4.4 or higher. Although this class of vulnerabilities was first discovered in late 2014, it is still being actively developed. This vulnerability has been listed as SVE-2020-16747. It is a memory corruption issue in the Qmage image codec built into Skia.

The wider view


This vulnerability has been discovered by Mateusz Jurczyk of Google Project Zero.
This vulnerability enables hackers to take advantage of the Skia library.
After the attacker locates the library, a multimedia message containing a Qmage file is sent. This can attack the phone with malicious code.
Since this is a zero-click attack, users would be immediately affected.

What the experts are saying


Jurczyk stated, “the default Samsung Messages app processes the contents of incoming MMS messages without any user interaction, and I expect that other similar attack vectors exist.”
Tripwire noted that this vulnerability is concerning since it does not require any interaction by the user.

What you can do


Samsung released a patch for this, which can be found in its May 2020 security update. Customers owning a Samsung device from 2014 or later should install the update.

Worth noting


All Samsung flagships released in 2014 and later are plagued with some sort ..
