{"id":3415,"date":"2020-05-07T19:11:59","date_gmt":"2020-05-07T17:11:59","guid":{"rendered":"http:\/\/plus.maciejpiasecki.info\/index.php\/2020\/05\/07\/samsung-finally-patches-a-zero-click-vulnerability-that-existed-since-2014\/"},"modified":"2020-05-07T22:57:50","modified_gmt":"2020-05-07T20:57:50","slug":"samsung-finally-patches-a-zero-click-vulnerability-that-existed-since-2014","status":"publish","type":"post","link":"https:\/\/plus.maciejpiasecki.info\/index.php\/2020\/05\/07\/samsung-finally-patches-a-zero-click-vulnerability-that-existed-since-2014\/","title":{"rendered":"Samsung Finally Patches A Zero-Click Vulnerability That Existed Since 2014"},"content":{"rendered":"<p>With the May 2020 Android security patch, Samsung has fixed a critical zero-click vulnerability that impacted all its smartphones sold since 2014. The flaw lies in how the company&#8217;s Android skin handles the &#8216;Qmage&#8217; image format (.qmg).<br \/>\nQmage is a custom image format developed by the South Korean company Quramsoft. Samsung has supported .qmg files on its Galaxy smartphones since 2014; the company reportedly uses them in Samsung Themes.<br \/>\nThat implementation, however, had serious vulnerabilities. Mateusz Jurczyk, a security researcher on Google&#8217;s Project Zero bug-hunting team, recently found a way to exploit it (via ZDNet).<br \/>\nThe exploit abuses how Samsung&#8217;s build of Skia (Android&#8217;s graphics library) handles .qmg images sent to a Samsung smartphone. The bug can be triggered in a zero-click scenario, meaning it needs no user interaction at all.<br \/>\nSamsung fixes the zero-click vulnerability with May 2020 update<br \/>\nImages received by the device, including MMS attachments, are handed to the Skia library to be decoded and turned into thumbnail previews. This happens before the user opens, or even sees, the message.<br \/>\nJurczyk could exploit the bug by sending repeated MMS messages to Samsung phones. 
Because each image is decoded by Skia as soon as it arrives, every message doubles as a probe: by sending crafted Qmage files and observing whether the phone handled each one, he could narrow down where the library sits in the device&#8217;s memory.<br \/>\nKnowing the library&#8217;s location defeats Android&#8217;s ASLR (Address Space Layout Randomization), which exists precisely to keep such addresses unpredictable. Once the library was located, one final MMS carrying a Qmage file triggered the bug and executed the attacker&#8217;s code on the device.<br \/>\nJurczyk says it takes anywhere between 50 and 300 MMS messages to exploit this vulnerability, and the process takes about 100 minutes on average. The bug is reachable from any app that receives and decodes Qmage images, Samsung&#8217;s Messages app included.<br \/>\nThe researcher also found a way to have the MMS messages fully processed by Skia without triggering a notification sound, so a fully stealthy attack is possible.<br \/>\nJurczyk discovered and reported the vulnerability to Samsung in February 2020. The South Korean company eventually patched it with the May 2020 Android security update.<br \/>\nThe May security maintenance release for Samsung smartphones also contains fixes for 18 other Samsung Vulnerabilities and Exposures (SVE) items, the class of vulnerabilities specific to Samsung&#8217;s own Android software. In addition, it fixes nine critical and dozens of high- and moderate-risk Android OS vulnerabilities.<br \/>\nSamsung started rolling out the May 2020 Android security update last week. The update has so far been released for the Galaxy S20, Galaxy Fold, Galaxy Note 10, Galaxy S10, Galaxy Z Flip, and the Galaxy A50 phones. 
It should also be available to other eligible Galaxy smartphones in the coming weeks.<\/p>\n<p>The post Samsung Finally Patches A Zero-Click Vulnerability That Existed Since 2014 appeared first on Android Headlines.<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/plus.maciejpiasecki.info\/wp-content\/uploads\/2020\/05\/Samsung-Galaxy-S20-Ultra-Review-AM-AH-16.jpg\" width=\"1600\" height=\"1200\"><br \/>\nSource: androidheadlines.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the May 2020 Android security patch, Samsung has fixed a critical zero-click vulnerability that impacted all its smartphones sold [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":3416,"comment_status":"false","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3415","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bez-kategorii"],"_links":{"self":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/3415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/comments?post=3415"}],"version-history":[{"count":1,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/3415\/revisions"}],"predecessor-version":[{"id":3417,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/3415\/revisions\/3417"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/media\/3416"}],"wp:attachment":[{"href":"
https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/media?parent=3415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/categories?post=3415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/tags?post=3415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
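The address-guessing step in the article above (one probe per MMS, 50 to 300 messages to defeat ASLR) is easier to see in a simulation. The Python below is an added illustration written for this page; it is not Project Zero's exploit, not Samsung's or Quramsoft's code, and it sends nothing. The 512 MiB randomisation window, the 2 MiB library size, the page-aligned base and the crash-or-survive oracle are assumptions chosen to make the arithmetic visible, not values from the article.

```python
"""Simplified model of a crash-or-survive ASLR oracle.

Added illustration, not Project Zero's exploit or Samsung's code. Assumptions
(not from the article): the library is mapped at a random, page-aligned base
inside a fixed window, and each probe "message" tells the attacker only whether
the decoder survived (probed address mapped) or crashed (address unmapped).
"""
import random

PAGE = 0x1000                        # 4 KiB pages
LIB_SIZE = 0x200000                  # assumed 2 MiB mapping for the library
WINDOW_LO = 0x7000_0000_0000         # assumed start of the randomisation window
WINDOW_HI = WINDOW_LO + 0x2000_0000  # assumed 512 MiB window


class SimulatedTarget:
    """Stand-in for the phone: a random library base plus the oracle."""

    def __init__(self, rng):
        pages = (WINDOW_HI - WINDOW_LO - LIB_SIZE) // PAGE
        self.base = WINDOW_LO + rng.randrange(pages) * PAGE
        self.probes = 0  # number of probe "messages" sent so far

    def probe(self, addr):
        """One probe: True if the decoder survives (addr inside the library),
        False if it crashes (addr outside it)."""
        self.probes += 1
        return self.base <= addr < self.base + LIB_SIZE


def locate_library(target):
    """Recover the library base using only the crash-or-survive oracle.

    Phase 1 strides through the window in LIB_SIZE steps: any mapping of that
    size contains one stride address, so at most window/LIB_SIZE probes find a
    mapped page. Phase 2 bisects down from that hit to the first mapped page,
    which is the base. Returns the base, or None if no probe ever survived.
    """
    hit = None
    for addr in range(WINDOW_LO, WINDOW_HI, LIB_SIZE):
        if target.probe(addr):
            hit = addr
            break
    if hit is None:
        return None

    # Invariant: lo is unmapped, hi is mapped, so the base lies in (lo, hi].
    lo, hi = hit - LIB_SIZE, hit
    while hi - lo > PAGE:
        mid = lo + ((hi - lo) // PAGE // 2) * PAGE  # keep mid page-aligned
        if target.probe(mid):
            hi = mid
        else:
            lo = mid
    return hi


def run_once(seed):
    """Locate the base for one random layout; returns (base, found, probes)."""
    target = SimulatedTarget(random.Random(seed))
    found = locate_library(target)
    return target.base, found, target.probes


def average_probes(trials, seed=0):
    """Mean number of probe messages needed over `trials` random layouts."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        target = SimulatedTarget(rng)
        assert locate_library(target) == target.base
        total += target.probes
    return total / trials


if __name__ == "__main__":
    base, found, probes = run_once(2020)
    print(f"base 0x{base:x} found as 0x{found:x} after {probes} probes")
    print(f"mean over 500 random layouts: {average_probes(500):.1f} probes")
```

The stride-then-bisect search makes the cost bounded and predictable: at most window size divided by library size probes to get a first hit, plus log2 of the pages per library to pin the base (here at most 256 + 9 probes, about 137 on average). The real exploit's oracle and memory layout differ from this model; the point is that any per-message yes/no signal turns ASLR into a counting problem.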