Security flaws that affect smartphones can be present for several years without being detected. If discovered, they can become a serious situation and bring problems to users.
It is precisely such a security problem that Samsung has now solved on its smartphones. It was in this equipment since 2014 and allowed attackers to take control without any user intervention.
A failure in Samsung since 2014
Discovery by a Google Project Zero researcher, this security breach is present in a vast number of Samsung smartphones. It is based on the version of Android that the Korean company uses, especially in one of the image libraries used.
To definitively address and mitigate it, however, this week Samsung launched the expected security update for its smartphones. This should be installed on all smartphones of the brand since 2014, so that they are completely protected.
Smartphone problem is real
The proof of concept, which explores the flaw, shows that it is simple to be explored and does not require user intervention. When using the Qmage image format, Samsung's customization skin is vulnerable.
If MMS messages are repeatedly sent, an attempt is made to bypass the ASLR (Address Space Layout Randomization). When guessing the memory location, the last message later takes the code that attacks the device.
Security update is already released
This proof of concept shows this flaw to be exploited in the Samsung messaging app. However, it is most likely that it can also be achieved in any other Android messaging app. Interestingly, this attack did not show any notifications on the smartphone.
Now that the bug is discovered and fixed, everyone should install the fix. Samsung smartphones since 2014 that have this flaw that is urgent to be addressed. Now that it is known, it is urgent to update the equipment.