A security researcher has reported multiple security vulnerabilities to Samsung through the company's vulnerability bounty program, and these are only a small part of a larger set of findings. Samsung is currently working to fix multiple vulnerabilities affecting its mobile devices, which may have been used by attackers to monitor devices or take complete control of the system.
Since the beginning of this year, Sergey Toshin, founder of Oversecured (a company specializing in mobile application security), has discovered more than a dozen vulnerabilities affecting Samsung devices. Three of them have the most serious impact on users, but few details about them are available.
0day on all Samsung devices: installing third-party apps and providing them Device Admin rights (no permissions required). However, it also leads that all other apps are being deleted😂 pic.twitter.com/yjy2AsoWTU
— Sergey Toshin (@_bagipro) February 14, 2021
Toshin told BleepingComputer that the least serious of the three vulnerabilities can help attackers steal text messages. The other two are more serious because they are stealthier: exploiting them requires no user interaction, and attackers can use them to read and/or write arbitrary files with elevated permissions.
It is not yet clear when these fixes will be pushed to users. The process usually takes about two months, because various tests are performed on a patch to ensure that it does not cause other problems. Toshin responsibly reported all three security vulnerabilities and is currently waiting to receive the bounty.
Since last year, Toshin has earned $30,000 in bounties from Samsung by discovering and reporting 14 vulnerabilities. For 7 of the vulnerabilities that have been patched, Toshin provided technical details and proof-of-concept exploitation instructions in a blog post today. These vulnerabilities brought a $20,690 bounty.