Indian Computer Emergency Response Teams (CERT-In) has issued a critical alert users that several Samsung phones are vulnerable to cybersecurity threats. CERT-In has categorised the risk as high, emphasising that attackers may exploit these vulnerabilities to circumvent security measures, access confidential information, and execute unauthorised code on targeted systems. The identified vulnerabilities pose a potential threat to various components within the Samsung ecosystem.
Samsung has acknowledged the security vulnerabilities and has announced to rollout the security firmware along with Google’s Android patch in the upcoming December 2023 update.
Several flaws detected in KnoxCustomManagerService, SmartManagerCN, Knox Guard, bootloader, authorisation verification of AR emoji, various out of bounds write vulnerabilities in bootloader, improper input validation vulneribility in Smart Clip and more.
“Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system,” said CERT-In.
Samsung has acknowledged the security threats and has announced to rollout the security firmware along with Google’s Android patch in the upcoming December 2023 update.
“Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung,” reads the Samsung Security notification.
Samsung phones running Android OS versions 11, 12, 13 and 14 are said to be vulnerable to the cyber threats and device owners have been advised to update their phones.
Mitigation
To mitigate the risks associated with these vulnerabilities, users are strongly advised to take the following measures:
1. Apply security updates promptly.
2. Keep apps up to date.
3. Exercise caution when installing apps.
4. Be vigilant when clicking on links.
This urgent advisory aims to safeguard Samsung users from potential security threats and emphasises the importance of proactive measures to secure their devices.