The government has warned Samsung users in India to update their devices immediately due to a security issue. According to the Computer Emergency Response Team of India (CERT-In), Samsung phones running Android versions 11, 12, 13 and 14 are affected by vulnerabilities that can allow an attacker to snoop on and access data on your device without your knowledge.
The high-risk warning states that the vulnerabilities can even allow an attacker to bypass security restrictions, access sensitive information and execute arbitrary code on targeted systems. CERT-In revealed that these vulnerabilities can impact various components of the Samsung ecosystem.
According to the government-owned cybersecurity team, these vulnerabilities arise from issues such as improper access control in Knox features, an integer overflow flaw in the facial recognition software, authorisation issues with the AR Emoji app, incorrect handling of errors in the Knox security software, multiple memory corruption vulnerabilities in various system components, incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app and hijacking of certain app interactions in contacts.
What happens if the attacker is successful?
If an attacker is successful in exploiting the vulnerabilities, it can lead to harmful consequences. As per the official statement, it "may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system."
Notably, the vulnerabilities will affect Samsung Mobile Android versions 11, 12, 13, and 14. The devices that are at risk include the Galaxy S23 series, Galaxy Z Flip5, Galaxy Z Fold5 and more.
To update your device now, open your phone's settings, then follow this path: About device > Software update > Download and install.
In other news, Apple's cybersecurity team finally held a meeting with CERT-In regarding the recent notification alerts sent to some prominent iPhone users in India. Last month, Apple sent notifications about 'state-sponsored attackers trying to remotely compromise' iPhones of some leaders in the opposition party. This notification raised concerns about whether the government was trying to hack their phones.
Copyright©2023 Living Media India Limited. For reprint rights: Syndications Today