Galaxy Note 20 Ultra
Image Source/ IoT Gadgets

Samsung confirmed a critical security flaw called remote code execution (RCE) bug plaguing in Galaxy Phones that have been sold since 2014. Last week, The company started rolling out the May 2020 security patch.


OPTP

So if you have a phone that has been sold by the company after 2014, you will sooner or later get the latest update.

You better update your Galaxy phone as soon as possible!

This particular security flaw can be easily exploited in a zero-click scenario. This means that it will most likely work without users’ knowledge. The fault is as critical as they say since the device can be hacked without any kind of interaction with the device.

Samsung Galaxy Buds vs Apple AirPods Pro

Where does the flaw reside?

The security flaw resides in the company’s devices’ handling the custom Qmage image format (.qmg) that is processed by Android’s graphics library.

Tech giant takes full responsibility for the flaw and has acknowledged the security issue. Reportedly, its May security update contains the fix.

What we don’t know for sure is that either Samsung will fix all affected devices or not, however, many sources have reached out to the company for clarity on eligible devices.

Samsung Introduces A New Program to Stop Coronavirus Spread from Phones

The company’s smartphones started supporting the custom Qmage format on all devices released since late 2014.

It is the only one that modifies Android OS on its devices to support the Qmage format, which is developed by South Korean firm Quramsoft.

Samsung is said to be the only manufacturer affected by the bug! 

There have been no official statements coming through from Samsung, but the newest May update dubbed as SVE-2020-16747 comprises of Samsung security bulletin that has listed it as a “critical” issue.

It describes it as “A possible memory overwrites vulnerability in Quram qmg library allows possible remote arbitrary code execution.”

What can Hackers do?

With the help of the flaw, the hacker can execute codes without a user’s interaction with the device.

As for what the hacker gains are full access to a variety of personal user information such as call logs, contacts, microphone, storage, SMS messages, etc. which is alarming.

As per Jurczyk, “After reporting the crashes, I spent several weeks working on a 0-click MMS exploit proof-of-concept for one of the vulnerabilities. I managed to achieve this goal with a Samsung Galaxy Note 10+ phone running Android 10.”

What do you think about security flaws associated with tech giants? Let us know in the comment section below.

For more news and updates, stay tuned to Brandsynario.