Several major security vulnerabilities have been discovered in Samsung’s pre-installed Android apps. If successfully exploited, they could have given hackers access to personal data without the users’ permission and allowed them to take control of the devices.
Oversecured notified Samsung about the vulnerabilities in February 2021, and the company delivered patches as part of its monthly security releases for April and May.
The following is a list of the seven vulnerabilities:
- CVE-2021-25356 – Third-party authentication bypass in Managed Provisioning
- CVE-2021-25388 – Arbitrary app installation vulnerability in Knox Core
- CVE-2021-25390 – Intent redirection in PhotoTable
- CVE-2021-25391 – Intent redirection in Secure Folder
- CVE-2021-25392 – Possible to access notification policy file of DeX
- CVE-2021-25393 – Possible to read/write access to arbitrary files as a system user (affects the Settings app)
- CVE-2021-25397 – Arbitrary file write in TelephonyUI
These weaknesses could be used to install arbitrary third-party apps, obtain device admin rights to uninstall other installed apps or steal sensitive files, read or write arbitrary files as a system user, and potentially perform privileged activities.
“The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device’s settings,” mobile security company Oversecured said in a report published on Thursday.
In a proof-of-concept (PoC) demo, Oversecured showed how the intent redirection issues in PhotoTable and Secure Folder can be used to hijack the applications’ rights to access the SD card and read contacts stored on the phone.
Similarly, an attacker could leverage CVE-2021-25397 and CVE-2021-25392 to overwrite the file containing SMS/MMS messages with malicious code and steal data from user notifications.
To avoid these potential security threats, Samsung users should download the latest firmware updates for their devices.