Google says some Samsung smartphones targeted with zero-day vulnerabilities, issues fixed – Times of India

By Andrew McCollum On Nov 11, 2022

Google says that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities in a few Samsung smartphones. The issues, discovered in Samsung’s custom-built software, have now been patched.
As per a blog post by Google Project Zero security researcher Maddie Stone, these vulnerabilities were used as part of an exploit chain to target Samsung smartphones running Android OS. These loopholes allowed the attacker to gain read/ write privileges, essentially to gain access to the phone’s data.
“The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step,” Stone said. The researcher also says that the exploits were on Samsung smartphones powered Exynos chipsets running kernel version 4.14.113. These phones include the Galaxy S10, Galaxy A50, and the Galaxy A51.

The flaws were reportedly exploited by a malicious Android app which may have been installed from outside of the Google Play Store. The researcher says that an “in-the-wild sample that was obtained is a JNI native library file that would have been loaded as a part of an app.”
While the information about the vulnerability was first reported last week, an update on November 10 says that the malicious code may have gained access to the phone’s data without asking for the user’s permission. The users may have been tricked into installing the malicious app from outside of the app store.
The development comes at a time when multiple reports suggest that Google Play Store have malicious apps with malware which steal users’ information by various methods. These apps are usually listed under fun, tools or productivity sections.
How to protect yourself from malicious apps
The first and easiest way to keep your phone safe and your data private is to use Google Play Protect. It checks the apps installed on your phone for harmful behaviour. It is advised that you install apps from a reputable vendor on Google Play Store. Thirdly, you can install a reputable endpoint security app.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.