Date: 2023-12-14

Summary: The Indian government’s Computer Emergency Response Team of India (CERT-In) has issued a high-risk warning regarding multiple vulnerabilities in Samsung mobile phones. These vulnerabilities, affecting Android versions 11 to 14, pose significant security risks, potentially allowing attackers to bypass security measures, access sensitive information, and execute malicious code on targeted devices.

CERT-In researchers have identified diverse vulnerabilities in Samsung products, affecting various components of the Samsung ecosystem. These vulnerabilities include improper access control in Knox features, an integer overflow flaw in facial recognition software, authorization issues with the AR Emoji app, incorrect handling of errors in Knox security software, multiple memory corruption vulnerabilities, incorrect data size verification, unvalidated user input, and hijacking of app interactions in contacts.

The exploitation of these vulnerabilities could have severe consequences, such as triggering heap overflow and stack-based buffer overflow, accessing the device SIM PIN, sending broadcasts with elevated privileges, reading sandbox data of AR Emoji, bypassing Knox Guard lock, accessing arbitrary files, compromising sensitive information, executing arbitrary code, and compromising the targeted system.

To protect their devices, users are strongly advised to take immediate action:

1. Apply Security Updates: Users should promptly install the security updates provided by Samsung through the official security advisory.

2. Exercise Caution: Until the update is applied, users should be cautious when using the affected devices, especially when interacting with untrusted sources or unknown applications.

3. Keep Apps Up to Date: Update all apps regularly from the Google Play Store to ensure the latest security patches are applied.

4. Install Apps from Trusted Sources: Only install apps from reputable sources like the Google Play Store to avoid downloading malicious apps from third-party websites.

5. Be Wary of Clicking on Links: Avoid clicking on links in emails or messages from unknown sources to prevent falling victim to phishing attacks.

It is crucial for Samsung mobile phone users to prioritize their device’s security by applying the recommended measures to mitigate the risks associated with these vulnerabilities.