2022-04-07

Another quite serious security flaw has been discovered in Samsung Galaxy smartphones running the latest versions of Android, from 9 to 12. The scenario resembles the one we reported a little over a month ago, and this case too has a very similar epilogue: the problem was reported to Samsung and the fix was distributed with the February patches, which have now reached all devices at risk.

According to the Kryptowire researchers who made the discovery, the flaw lay in the default system phone app of virtually all Galaxy devices, and allowed malicious apps to take over its special access privileges without the user having to provide any confirmation or authorization. The researchers say that the user only had to run an infected app once, and they list by way of example some of the potential consequences:

Making unauthorized calls

Resetting the smartphone to factory settings

Installing and uninstalling apps

Compromising HTTPS connections

Kryptowire successfully tested the vulnerability on three smartphones spanning very different price ranges and ages: the Galaxy S21 Ultra, the Galaxy S10 Plus and the Galaxy A10e. But that is just the tip of the iceberg. As noted, since the flaw is inherent in the default phone app, all Galaxy devices running Android 9, 10, 11 or 12 based software must be assumed vulnerable. On the other hand, a test on a Galaxy S8, still on Android 8 Oreo, returned a negative result. The flaw was also closed for the Galaxy S9, right at the end of its official support period.