Problems allow access to data without user consent and take over control of the device.
Seven dangerous vulnerabilities have been discovered in the pre-installed Samsung Android apps. Their exploitation allows cybercriminals to gain access to confidential data without user consent and take control of the device.
Issues can be used to install arbitrary third-party applications, grant the device administrator privileges to uninstall other installed applications or steal confidential files, read or write arbitrary files as a system user, and even perform privileged actions.
As explained by specialists from the Oversecured company, vulnerabilities in PhotoTable and Secure Folder can be used to hack application permissions to access the SD card and read contacts stored on the phone. Similarly, using vulnerabilities CVE-2021-25397 and CVE-2021-25392, an attacker can overwrite the file that stores SMS / MMS messages, replace them with malicious content, and steal data from user notifications.
Experts reported their findings to Samsung in February 2021, and the company has released fixes for these issues.
Catch up on more stories here
Follow us on Facebook here