Samsung Galaxy Android devices may be facing a new security threat due to a new vulnerability. The new issue has been spotted by Kryptowire, on existing Samsung Android devices running on either Android 9, Android 10, Android 11, or the latest Android 12. The vulnerability has been spotted in the native
The new vulnerability spotted in Samsung Galaxy devices by the cybersecurity firm can allow any local app on the device (including third-party apps with zero permissions) to provide random instructions. There is a vulnerability found in the pre-installed app (the phone app in this case). The malicious player will be able to execute the instructions as the system user. The vulnerability is affecting Android versions 10, 11, and 12.
The same vulnerability is present on Android 9, although it allows zero-permission third-party apps to provide arbitrary Intent objects. These instructions are sent to broadcast receiver app components by the same vulnerable pre-installed app.
How will it affect users?
This vulnerability in the phone app in the affected Samsung devices allows a third-party app (even with zero permissions) to do things like a factory reset, call phone numbers, call privileged phone numbers (e.g. emergency numbers), and install a custom certificate authority. Any app installed on the phone can get access to all permissions without any form of consent from the user.
All of these aforementioned capabilities are performed programmatically without any user involvement. This is a limited sample of vulnerabilities that are made accessible to third-party apps via the vulnerable pre-installed app.
Phones as recent as the Samsung S21 Ultra 5G running the most recent Android 12 are affected by this vulnerability.
Devices that are affected by this vulnerability
Samsung S 21 Ultra 5G (SM-G998U1): Android 12
Samsung S 21 Ultra 5G (SM-G998U1): Android 11
Samsung S10+ (SM-G975F): Android 10
Samsung A10e (SM-A516B): Android 9
The post Samsung Galaxy device owners beware! New flaw can delete all data, make random phone calls appeared first on BGR India.