CERT-In has classified the risk as high, underscoring the possibility of attackers leveraging these vulnerabilities to bypass security protocols, gain access to confidential information, and execute unauthorized code on targeted systems. The recognized vulnerabilities present a potential threat to multiple components within the Samsung ecosystem.
The comprehensive examination conducted by the government's cybersecurity team unveils various potential issues. These include inadequate access control in Knox features, integer overflow vulnerabilities in facial recognition software, authorization issues with the AR Emoji app, mishandling of errors in Knox security software, and several memory corruption vulnerabilities in diverse system components.
Furthermore, the identified vulnerabilities encompass concerns such as incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and the hijacking of specific app interactions in contacts. If an attacker successfully exploits these vulnerabilities, the ramifications could be severe.
The official statement details potential outcomes, which include triggering heap overflow and stack-based buffer overflow, obtaining the device SIM PIN, broadcasting with elevated privilege, reading sandbox data of AR Emoji, bypassing Knox Guard lock by altering system time, accessing arbitrary files, gaining entry to sensitive information, executing arbitrary code, and compromising the targeted system. Crucially, the impacted Samsung Mobile Android versions comprise 11, 12, 13, and 14.
Vulnerable devices include widely-used models like the Samsung Galaxy S23 series, Samsung Galaxy Z Flip 5, Samsung Galaxy Z Fold 5, and others. To address the risks linked to
. Read more on livemint.com