Security Alert: Government issues warning for Samsung users.

The Indian government’s Computer Emergency Response Team (CERT-In) recently issued a serious warning for Samsung Mobile customers, published as CERT-In Vulnerability Note CIVN-2023-0360. The alert highlights significant vulnerabilities in Samsung Mobile Android versions 11, 12, 13, and 14.


The Indian Computer Emergency Response Team (CERT-In) issued a security notice concerning several vulnerabilities affecting millions of Samsung Galaxy phones. The notice was published on December 13 and the issue has been classed as high risk, so current Samsung customers must immediately upgrade their phone’s operating system or firmware.

According to CERT-In, the vulnerabilities exist due to:

– improper access control flaw in Knox Custom Manager Service and Smart Manager CN component,

– integer overflow vulnerability in face initial processing library,

– improper authorization verification vulnerability in AR Emoji,

– improper exception management vulnerability in Knox Guard,

– multiple out-of-bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaca and liblfaaca.so components,

– incorrect size check vulnerability in Knox Guard, and

– improper size check vulnerability in Knox Guard.

Successful exploitation of these vulnerabilities may allow an attacker to:

– trigger heap overflow and stack-based buffer overflow,

– access device SIM PIN,

– send broadcast with elevated privilege,

– read sandbox data of AR Emoji,

– bypass Knox Guard lock via changing system time,

– access arbitrary files,

– gain access to sensitive information,

– execute arbitrary code and compromise the targeted system.

 

Links

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0360
