Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code

In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks.

This move is part of Samsung’s ongoing efforts to enhance the security of its smartphones and tablets, ensuring the safety and privacy of its users.

The vulnerabilities, identified as Samsung Vulnerabilities and Exposures (SVE) items, were disclosed in the company’s latest security bulletin.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

These flaws spanned various components of Samsung devices, including the operating system, firmware, and certain proprietary software developed by Samsung.

The vulnerabilities could allow malicious actors to execute arbitrary code on the devices or escalate their privileges, thereby gaining unauthorized access to sensitive information or system functionalities.

Samsung’s swift response to these security threats underscores the company’s commitment to protecting its users from the evolving landscape of cyber threats.

By including patches for these 25 SVE items in its May 2024 Security Maintenance Release (SMR), Samsung has taken a proactive step in mitigating the risks associated with these vulnerabilities.

Here’s a detailed look at some of the specific security flaws that were patched:

SVE-2023-1778 (CVE-2024-20866): This was an authentication bypass vulnerability in the Setupwizard, which could allow unauthorized users to bypass device setup authentication mechanisms. The patch for this vulnerability involved removing unnecessary internet access during the setup process to prevent unauthorized access.

SVE-2023-2193 (CVE-2024-20855): This flaw was an improper access control issue within the multitasking framework. It could potentially allow unauthorized users to access and manipulate multitasking functionalities, leading to privilege escalation attacks. The update rectified this by enforcing stricter access controls.

SVE-2023-2265 (CVE-2024-20856): An improper authentication vulnerability in Samsung’s Secure Folder was patched. This flaw could allow attackers to bypass authentication measures and access sensitive information stored within the Secure Folder.

SVE-2024-0092 (CVE-2024-20861) and SVE-2024-0096 (CVE-2024-20862): These related vulnerabilities in SveService included a use-after-free issue and an out-of-bounds write flaw, respectively. Both could potentially lead to arbitrary code execution if exploited. The patches addressed these memory corruption issues to prevent such exploits.

SVE-2024-0234 (CVE-2024-20865): This was an authentication bypass in the bootloader that previously allowed physical attackers to flash arbitrary images. The patch added proper verification checks to prevent unauthorized flashing, enhancing the security of the device’s boot process.

SVE-2024-0357 (CVE-2024-20864): An improper access control vulnerability in DarManagerService was also rectified. This flaw could allow unauthorized access to the DarManagerService, leading to further exploitation.

The patched vulnerabilities were part of a broader security update that also incorporated fixes from Google, addressing issues related to the Android operating system.

This collaborative approach between Samsung and Google ensures that Samsung devices not only receive patches for proprietary issues but also benefit from the broader security enhancements provided by the Android platform.

Samsung has urged all users of its mobile devices to update their software to the latest version to benefit from these security enhancements.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

The company has made the updates available through its regular firmware update channels, and users can easily apply the update by navigating to the software update section in their device settings.

This latest security update is a testament to Samsung’s dedication to maintaining the trust and confidence of its users by providing timely and effective security measures.

As cyber threats continue to evolve, Samsung’s commitment to security and privacy remains unwavering, with the company continuously monitoring for new vulnerabilities and responding promptly to protect its users.

For more detailed information on the specific vulnerabilities addressed in this update and guidance on applying the security patches, users are encouraged to visit Samsung’s official security update page.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

1 day ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

1 day ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

1 day ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

1 day ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

3 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

3 days ago