According to a Google Project Zero blog post, several zero-day vulnerabilities in some Galaxy phones were exploited by commercial software, and Samsung patched them without notifying users that they were under attack. The customers of that software may be telecommunications or technology companies that track their customers in order to monetize personal data through targeted advertising, or they may have more sinister motives. The vulnerabilities found in the Samsung software were part of an exploit chain that gave an attacker kernel read and write privileges, which could expose the personal data stored on the phone. The exploit targets Samsung Galaxy phones with an Exynos chip running kernel 4.14.113; phones from 2020 matching that description include the Samsung Galaxy S10, Galaxy A50 and Galaxy A51. The attack begins when a user is tricked into installing an app from outside the Google Play Store. Google informed Samsung of the vulnerabilities in 2020, and although Samsung shipped a patch in March 2021, the company did not mention that the vulnerabilities were being actively exploited. Looking ahead, Samsung has agreed to disclose when its vulnerabilities are being actively exploited, joining Apple and Google, which already alert users when this happens. Tremendous progress has been made in recent years in transparent vendor disclosure of vulnerabilities known to be exploited: Adobe, Android, Apple, ARM, Chrome, Microsoft, Mozilla and others share this information in their security advisories. While Samsung has not yet flagged any vulnerability as actively exploited, the company has committed to stating publicly in its release notes when vulnerabilities may be under limited and targeted exploitation.