New Delhi: The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology on Thursday issued high-risk warning for Samsung Galaxy Mobile phone users.
The CERT-In Vulnerability Note CIVN-2023-0360 has flagged Multiple Vulnerabilities in Samsung Products.
“Multiple vulnerabilities have been reported in Samsung products which could allow a restrictions, access sensitive information and execute arbitrary code on the targeted,” said the Indian Computer Emergency Response Team
CERT-In said that the software affected Samsung Mobile Android versions 11, 12, 13, 14.
Why Are Samsung Galaxy Mobile Phone Users At MAJOR Security Risk?
CERT-In said that these vulnerabilities exist due to improper access control flaw in KnoxCustomManagerService and SmartManagerCN integer overflow in facepreprocessing library; improper authorization verification vulnerability in AR Emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL libIfaaCa and libsavsac.so components, improper size check vulnerability in softsmind, improper input validation vulnerability in Smart Clip and implicit intent hijacking vulnerability in contacts.
Successful exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoj, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system.
CERT-In has advised that users can apply apropriate security updates as mentioned by vendor in security advisory: https://security.samsungmobile.com/securityUpdate.smsb
Source: Zee News