• About us
  • Disclaimer
  • Privacy Policy
Thursday, August 11, 2022
  • Login
  • Register
W-SE (Web - SEcurity)
  • Tech today
  • Security
    • Malware
    • Top list
  • Vulnerabilities
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Tips for Buying the Perfect Travel Sim Card

    Tips for Buying the Perfect Travel Sim Card

    How to Write Farewell and Appreciate Messages

    How to Write Farewell and Appreciate Messages?

    Software help business

    Reasons to Buy the Right Business Hardware

    How to Invest in NFT Art?

    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    AceThinker Online Video Editor and Pro

    AceThinker Online Video Editor and Pro

    Trending Tags

    • Web Security
    • Data Security
    • Network Security
    • Cybersecurity
  • About us
  • Disclaimer
  • Privacy Policy
  • Contact
No Result
View All Result
  • Tech today
  • Security
    • Malware
    • Top list
  • Vulnerabilities
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Tips for Buying the Perfect Travel Sim Card

    Tips for Buying the Perfect Travel Sim Card

    How to Write Farewell and Appreciate Messages

    How to Write Farewell and Appreciate Messages?

    Software help business

    Reasons to Buy the Right Business Hardware

    How to Invest in NFT Art?

    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    AceThinker Online Video Editor and Pro

    AceThinker Online Video Editor and Pro

    Trending Tags

    • Web Security
    • Data Security
    • Network Security
    • Cybersecurity
  • About us
  • Disclaimer
  • Privacy Policy
  • Contact
No Result
View All Result
W-SE (Web - SEcurity)
No Result
View All Result
Home Security

Samsung Essential Patches 0-Click on Device Vulnerability

Melina Richardson by Melina Richardson
in Security, Vulnerabilities
A A

Samsung launched its May 2020 security update kit for Android smartphones this week, which includes a crucial vulnerability fix that has affected all of its devices since 2014.

In addition to the patches in the Android Security Bulletin – May 2020, the handset maker’s patch updates 19 vulnerabilities unique to Samsung smartphones. The most prominent of these are the two crucial vulnerabilities in the stable bootloader and the Quram qmg decoding library.

The first problem is a heap-based buffer overflow that could cause a stable boot to be bypassed and potentially result in arbitrary code execution. Samsung says it addressed the bug with proper validation, but does not provide further details about the vulnerability.

The second security flaw is the memory overwrite issue that could result in the remote execution of arbitrary code that resides in the Quram qmg library.

The bug appears to affect all Samsung smartphones released since 2014, when the company added support for the custom Qmage image format (.qmg) developed by Korean third-party company Quramsoft.

Discovered by Google Project Zero Security Researcher Mateusz Jurczyk, this vulnerability can be exploited through malicious MMS (multimedia) messages without user interaction. The 0-click MMS exploit proof-of-concept video demonstration is now available (but not the exploit code).

The researcher says that since there are four major versions of Qmage, Samsung’s Android smartphones released since late 2014/early 2015 have been affected to varying degrees. The most recent devices are likely to be affected by the largest number of issues, including support for all versions of Qmage.

The researcher used the bug on the Samsung smartphone running Android 10 (with patches installed in February 2020) with the default Samsung Messages device set as the SMS / MMS handler.

“The insecure codec runs input images in the sense of the attacked device processing, so that the attacker even gets the privileges of the app. In the case of my example, that’s Samsung Messages, which has access to a variety of personal user information: call logs, addresses, microphone, data, SMS, etc, “says Jurczyk.

Only Samsung devices are affected, because the vulnerable piece of software is delivered only on company devices.

High severity bugs the South Korean phone maker patched this month include arbitrary code execution in the Quram library with jpeg decoding, possible brute force attack in the Gatekeeper Trustlet, and possible spoofing in the selected Broadcom Bluetooth chipset (which uses PRNG with low entropy).

Samsung did not provide details on all vulnerabilities addressed this month, but found that it had fixed five low-severity flaws: leakage of clipboard information via USSD in locked state, possible heap overflow in bootloader, unauthorized change of preferred SIM card in locked state, possible relative buffer write in S.LSI Wi-Fi drivers, and FRP bypass with SPEN.

 

 

ShareTweetShare
Previous Post

New GitHub Apps Help you Find Bugs and Secrets in the Code

Next Post

How to Recover Deleted Files on Android with MobiKin

Melina Richardson

Melina Richardson

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.

Next Post
Pay Per Download Websites

How to Recover Deleted Files on Android with MobiKin

Please login to join discussion

Free Online Tools

Article Rewriter Pro
Grammar Checker Pro
Plagiarism Checker
Online Ping Website Tool
Website Screenshot Generator
Website Source Code Finder

Free A To Z IT Tools Online

Free IT Tools Online
  • Trending
  • Comments
  • Latest
inurl technology

Latest Carding Dorks List for Sql Injection 2022

March 16, 2022
connect monitor to laptop two screens

How To Connect A Monitor To A Laptop And Use Both Screens?

February 10, 2021
how to connect two monitors to my laptop

How Do I Connect 2 Monitors To My Lenovo Laptop?

January 22, 2021
Gb Whatsapp An Unexpected Error

Gb Whatsapp An Unexpected Error

November 7, 2021
Windows Flaw

If Older Battleye software is used, Windows 10 1903 Blocked

0
Mac Os

New unpatched macOS bypass gatekeeper published online

0
Siemens Medical Products

Wormable Windows Flaw Affected Siemens Medical Products

0
Cloud Computing

5 Tips of the Personal Data Protection in the Cloud

0
Tips for Buying the Perfect Travel Sim Card

Tips for Buying the Perfect Travel Sim Card

August 5, 2022
How to Write Farewell and Appreciate Messages

How to Write Farewell and Appreciate Messages?

August 5, 2022
Cyber Security Degree In Pennsylvania

Ways Block Chain Affect Web Security in 2022

August 5, 2022

10 Tips on How to Improve your Software Development Skills

July 19, 2022

Quick Links

Learnopedia
Tech Write For US
Technology Write For US
Casino Write For Us
Mr.Perfect Reviews
Cyber Security Career

Recent News

Tips for Buying the Perfect Travel Sim Card

Tips for Buying the Perfect Travel Sim Card

August 5, 2022
How to Write Farewell and Appreciate Messages

How to Write Farewell and Appreciate Messages?

August 5, 2022
Cyber Security Degree In Pennsylvania

Ways Block Chain Affect Web Security in 2022

August 5, 2022

10 Tips on How to Improve your Software Development Skills

July 19, 2022
W-SE (Web – SEcurity)

W-SE regularly updates cyber attacks, hacking and events that provide IT security professionals with information throughout the world. Also offering news in W-SE. We spent two years living and sharing guidance and insights with IT experts, detailed analyzes and news.

We also train people with product reviews in different form of content.

Browse by Category

  • computer
  • Fraud & Identity
  • gaming
  • How To?
  • laptop
  • Malware
  • Microsoft
  • Mobile
  • photography
  • Privacy
  • Reviews
  • Security
  • Security Degree
  • Smart phone
  • smart tv
  • Social
  • software
  • Tech
  • Tech today
  • Top list
  • Uncategorized
  • Virus & Threats
  • Vulnerabilities
  • Website
  • What is?

Recent News

Tips for Buying the Perfect Travel Sim Card

Tips for Buying the Perfect Travel Sim Card

August 5, 2022
How to Write Farewell and Appreciate Messages

How to Write Farewell and Appreciate Messages?

August 5, 2022
  • About us
  • Contact
  • Disclaimer
  • Home
  • Privacy Policy
  • Resources
  • Support Forum
  • Tech Blog
  • Technology Write For Us
  • W-SE (Web Security)

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

No Result
View All Result
  • Tech today
  • Security
    • Malware
    • Top list
  • Vulnerabilities
  • How To?
  • About us
  • Disclaimer
  • Privacy Policy
  • Contact

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In