The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has revealed that multiple vulnerabilities have been reported in Samsung products.
Android is the most used mobile operating system across the globe and millions of users rely on the Google owned OS for day to day functioning. Apart from Apple iPhones, most other popular smartphones including Google Pixel, Samsung, OnePlus, Nothing and others run Android OS. As most of the work these days is possible through smartphones, we often store and share a lot of our personal information including location, banking details and other via our phone. To keep the users safe, the Indian government has issued a high severity warning for users of Samsung Mobile Android versions 11, 12, 13, 14. The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has revealed that multiple vulnerabilities have been reported in Samsung products to bypass implemented security restrictions, and gain access to your sensitive information.
Although the tech giant releases these updates from time to time, many users don’t update the OS often due to lack of data, storage or ease of use. Such devices with older versions of the OS are easy to exploit due to the exposed vulnerabilities. A few such dangerous vulnerabilities have now been mentioned by the Indian government in its warning for Samsung users.
According to CERT-In, these vulnerabilities exist in Samsung Mobile Android versions due to improper access control flaw in KnoxCustomManagerService and SmartManagerCN component, integer overflow vulnerability in facepreprocessing library; improper authorization verification vulnerability in AR Emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaCa and libsavsac.so components, improper size check vulnerability in softsimd, improper input validation vulnerability in Smart Clip and implicit intent hijacking vulnerability in contacts.
Successful exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system. To avoid any swindling, users should apply appropriate patches as mentioned by Google.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Samsung")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}