ALLCORE_BLACK_TRANSPARANT

Update your Samsung phone as soon as possible to prevent it from being hijacked

Kryptowire, a company that provides mobile security and privacy solutions, has announced that it has discovered a serious security vulnerability in Samsung devices running Android versions 9 through 12. The vulnerability (CVE-2022-22292) allows local applications to mimic system-level activity and “hijack” crucial secure functionality.

After hijacking your device, attackers are given the option to perform a factory reset (read: erase all user data), make phone calls (including to emergency numbers such as 112), install/uninstall apps and install https security. weaken it by installing arbitrary root certificates. All this from untrusted apps running in the background and without end user consent.

The CVE-2022-22292 vulnerability was notified to Samsung on November 27, 2021, and received a “High” severity rating from the manufacturer. In February 2022, Samsung patched the vulnerability as part of its ongoing Security Maintenance Release (SMR) process. The vulnerability resides in the pre-installed Phone app that runs with system privileges on Samsung devices running Android versions 9 through 12. The Phone app has an insecure component that allows local apps to perform privileged actions without user consent.

If for whatever reason you haven’t updated your Samsung phone yet, we think it’s an excellent time to do so. Technical information about the Samsung vulnerability can be found here.

Source: Hardware.info

Inschrijven voor onze nieuwsbrief

* indicates required

Selecteer op welke manier we u mogen contacteren:


U kunt op ieder moment zich uitschrijven op onze emails door op de link te klikken in de voet van onze emails. Voor meer informatie omtrent privacy, bezoek onze website.

Wij gebruiken Mailchimp als ons marketing platform. Door onderaan op inschrijven te klikken stem je toe dat uw emailadres zal worden doorgegeven aan mailchimp om te verwerken. Lees hier meer over Mailchimp's verwerking van privacy data.