The Indian government, through the Computer Emergency Response Team of India (CERT-In), has issued a high-risk warning to users of Samsung Galaxy phones.
CERT-In has published Vulnerability notes on its website (13-12-2023)
CIVN-2023-0361 – Multiple Vulnerabilities in Google Chrome for Desktop
CIVN-2023-0360 – Multiple Vulnerabilities in Samsung Products
Details are available on CERT-In website (https://t.co/EfuWZNuFJC)
— CERT-In (@IndianCERT) December 14, 2023
The alert, identified as CERT-In Vulnerability Note CIVN-2023-0360, points to critical security vulnerabilities in Samsung Mobile Android versions 11, 12, 13, and 14.
According to CERT-In, these severe vulnerabilities could allow attackers to bypass security measures, access sensitive information, and execute arbitrary code on targeted systems.
Nature of vulnerabilities
CERT-In’s research reveals multiple vulnerabilities, including improper access control in Knox features, an integer overflow flaw in facial recognition software, authorization issues with the AR Emoji app, and incorrect handling of errors in Knox security software.
Additionally, there are multiple memory corruption vulnerabilities in various system components, incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and hijacking of certain app interactions in contacts, it said.
What are the potential risks?
CERT-In said attackers might trigger a heap overflow and stack-based buffer overflow, access the device SIM PIN, send broadcasts with elevated privilege, read sandbox data of AR Emoji, bypass the Knox Guard lock by changing the system time, access arbitrary files, and compromise the targeted system.
The threat extends to various Samsung devices, including the Galaxy S23 series, Galaxy Z Flip5, Galaxy Z Fold5, and more.
How to secure your phone?
Samsung has released software patches to address these issues. Users are advised to:
Apply Security Updates: Navigate to Settings > Software update > Download and install on your device to apply the latest security patches.
Exercise Caution: Be vigilant, especially when interacting with untrusted sources or unknown applications.
Update Apps Regularly: Ensure all apps are updated via the Google Play Store.
Install Apps from Trusted Sources: Avoid downloading apps from third-party websites.
Be Cautious with Links: Avoid clicking on links from unknown senders.
Tip of the day: Beware of android apps malware. #indiancert #cyberswachhtakendra #staysafeonline #cybersecurity #G20India #g20dewg #besafe #staysafe #mygov #meity #onlinefraud #cybercrime #scam #cyberalert #CSK #cybersecurityawareness #cyberdost #DigitalIndia pic.twitter.com/9CvPlTRJLC
— CERT-In (@IndianCERT) December 13, 2023