A security flaw in Samsung’s Quick Share feature for the Galaxy S24 series has been disclosed, enabling attackers to create arbitrary files on vulnerable devices.
Tracked as CVE-2024-49421, the vulnerability highlights risks in the popular file-sharing tool preinstalled on Samsung’s flagship smartphones.
Vulnerability Overview
The flaw, discovered by researcher Ken Gannon of NCC Group, stems from improper path validation in the Quick Share application.
.png
)
Attackers with network proximity can exploit this directory traversal weakness to write files to unintended locations on the device.
The vulnerability received a CVSS score of 5.9, categorized as medium severity due to its requirement for attacker proximity and user interaction.
| Field | Details |
| Vulnerability Name | Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write |
| CVE ID | CVE-2024-49421 |
| CVSS Score | 5.9 (Medium) |
Key Details:
- Affected Devices: Samsung Galaxy S24 series (pre-patch versions).
- Risk: Unauthorized file creation in user-accessible directories.
- Mitigation: Samsung released a security patch in December 2024 (available via Samsung’s Security Portal).
How the Exploit Works
Quick Share, designed for seamless file transfers between devices, failed to sanitize user-supplied file paths.
This oversight allows malicious actors to craft requests that bypass directory restrictions, effectively writing files to sensitive locations.
While the vulnerability requires initial access to the device (e.g., via phishing or malware), successful exploitation could enable data manipulation or further escalation of privileges.
Disclosure Timeline
- December 2, 2024: Vulnerability reported to Samsung.
- April 9, 2025: Coordinated public advisory released by Zero Day Initiative (ZDI-25-229).
- Patch Status: Fixed in Samsung’s December 2024 Security Maintenance Release (SMR).
Samsung’s Response
Samsung acknowledged the issue and urged users to install the latest updates immediately.
In a statement, the company emphasized its commitment to “proactively addressing security risks” and advised enabling auto-updates for critical patches.
While no active exploits have been reported, the vulnerability underscores the importance of timely software updates.
Quick Share’s widespread adoption—preinstalled on millions of Galaxy devices—makes this a high-priority fix. Security experts warn that delaying updates could expose devices to data tampering, ransomware, or credential theft.
- Update Immediately: Navigate to Settings > Software Update to install the December 2024 SMR.
- Limit Quick Share Use: Temporarily disable the feature if updates are delayed.
- Monitor Permissions: Avoid granting file access to unverified apps or networks.
The CVE-2024-49421 vulnerability serves as a reminder of the evolving threats to mobile ecosystems.
Samsung’s swift patch rollout mitigates risks, but user vigilance remains critical. As connected devices proliferate, proactive security hygiene is no longer optional—it’s essential.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
