Tuesday, November 12, 2024
Homecyber securityMultiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code

Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code

Published on

Malware protection

In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks.

This move is part of Samsung’s ongoing efforts to enhance the security of its smartphones and tablets, ensuring the safety and privacy of its users.

The vulnerabilities, identified as Samsung Vulnerabilities and Exposures (SVE) items, were disclosed in the company’s latest security bulletin.

- Advertisement - SIEM as a Service
Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

These flaws spanned various components of Samsung devices, including the operating system, firmware, and certain proprietary software developed by Samsung.

The vulnerabilities could allow malicious actors to execute arbitrary code on the devices or escalate their privileges, thereby gaining unauthorized access to sensitive information or system functionalities.

Samsung’s swift response to these security threats underscores the company’s commitment to protecting its users from the evolving landscape of cyber threats.

By including patches for these 25 SVE items in its May 2024 Security Maintenance Release (SMR), Samsung has taken a proactive step in mitigating the risks associated with these vulnerabilities.

Here’s a detailed look at some of the specific security flaws that were patched:

SVE-2023-1778 (CVE-2024-20866): This was an authentication bypass vulnerability in the Setupwizard, which could allow unauthorized users to bypass device setup authentication mechanisms. The patch for this vulnerability involved removing unnecessary internet access during the setup process to prevent unauthorized access.

SVE-2023-2193 (CVE-2024-20855): This flaw was an improper access control issue within the multitasking framework. It could potentially allow unauthorized users to access and manipulate multitasking functionalities, leading to privilege escalation attacks. The update rectified this by enforcing stricter access controls.

SVE-2023-2265 (CVE-2024-20856): An improper authentication vulnerability in Samsung’s Secure Folder was patched. This flaw could allow attackers to bypass authentication measures and access sensitive information stored within the Secure Folder.

SVE-2024-0092 (CVE-2024-20861) and SVE-2024-0096 (CVE-2024-20862): These related vulnerabilities in SveService included a use-after-free issue and an out-of-bounds write flaw, respectively. Both could potentially lead to arbitrary code execution if exploited. The patches addressed these memory corruption issues to prevent such exploits.

SVE-2024-0234 (CVE-2024-20865): This was an authentication bypass in the bootloader that previously allowed physical attackers to flash arbitrary images. The patch added proper verification checks to prevent unauthorized flashing, enhancing the security of the device’s boot process.

SVE-2024-0357 (CVE-2024-20864): An improper access control vulnerability in DarManagerService was also rectified. This flaw could allow unauthorized access to the DarManagerService, leading to further exploitation.

The patched vulnerabilities were part of a broader security update that also incorporated fixes from Google, addressing issues related to the Android operating system.

This collaborative approach between Samsung and Google ensures that Samsung devices not only receive patches for proprietary issues but also benefit from the broader security enhancements provided by the Android platform.

Samsung has urged all users of its mobile devices to update their software to the latest version to benefit from these security enhancements.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

The company has made the updates available through its regular firmware update channels, and users can easily apply the update by navigating to the software update section in their device settings.

This latest security update is a testament to Samsung’s dedication to maintaining the trust and confidence of its users by providing timely and effective security measures.

As cyber threats continue to evolve, Samsung’s commitment to security and privacy remains unwavering, with the company continuously monitoring for new vulnerabilities and responding promptly to protect its users.

For more detailed information on the specific vulnerabilities addressed in this update and guidance on applying the security patches, users are encouraged to visit Samsung’s official security update page.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

VMware Workstation & Fusion Now Available for Free to All Users

VMware has announced that its popular desktop hypervisor products, VMware Workstation and VMware Fusion,...

Dell Enterprise SONiC Flaw Let Attackers Hijack the System

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which...

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

VMware Workstation & Fusion Now Available for Free to All Users

VMware has announced that its popular desktop hypervisor products, VMware Workstation and VMware Fusion,...

Dell Enterprise SONiC Flaw Let Attackers Hijack the System

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which...

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...