Google Warns Samsung Users On Bug Affecting Users

A serious security flaw has been discovered in Samsung’s mobile processors, with warnings coming from Google’s Threat Analysis Group. The vulnerability, known as CVE-2024-44068, is linked to a memory management error called “use-after-free.”

This flaw can be exploited to run harmful code remotely and gain higher control over affected devices. While Samsung has addressed the issue in its October 2024 security update, the problem may have already caused damage.

The affected processors, including the Exynos 9820, 9825, 980, 990, 850, and W920, are used in several Samsung Galaxy devices. This means many of Samsung’s older models are at risk. Because these processors are not in newer devices, users with older models may need to act quickly to stay protected.

How Is the Exploit Being Used?

The vulnerability does not work alone but is part of a series of security flaws known as an “exploit chain.” Google researchers revealed that attackers have already found ways to use this bug.

By targeting specific media functions, attackers can access sensitive parts of the phone’s system, such as the cameraserver process. In practice, the attack takes advantage of media acceleration functions on Samsung’s processors. The exploit allows hackers to access memory after it has been freed, giving them the ability to execute malicious commands.

Researchers noted that the exploit even renames processes to make detection harder.

While no specific attackers have been publicly identified, experts believe spyware vendors could be involved. The growing number of these attacks in recent months has heightened the focus on security flaws in smartphones.

How Are Google and Samsung Responding?

Google’s TAG played a big part in identifying and warning about this vulnerability. While Android 15 introduced security improvements, Samsung’s update rollout has been slower.

The delay means many users will have to wait until 2025 for the Android 15 upgrade, potentially leaving some devices exposed in the meantime.

Samsung has released a patch addressing the vulnerability in its latest security update, but only some devices are covered. A few older models with the affected Exynos processors may no longer receive regular monthly updates. This could leave those users with limited options other than upgrading their phones.

For Google, the situation comes at a delicate time. With the company promoting its Android 15 release, some Pixel users have reported technical issues, including devices that stopped working after the update. Although these teething problems have been frustrating for Pixel users, Google’s security work plays an important part in fighting threats like those found in Samsung’s devices.

What Should Samsung Users Do?

Experts recommend that Samsung Galaxy users update their devices immediately if the patch is available. For older phones that may no longer get monthly updates, switching to a newer device could be the safest solution. Users should also be cautious when downloading apps or granting permissions, as some spyware programs exploit such vulnerabilities to gain access.

While Samsung and Google are trying to sort out the issue, staying ahead of these threats requires quick action. Those with affected models should not delay in securing their devices to avoid falling victim to malicious attacks.
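
A triage check for the update advice above, added here as an example and not taken from Google or Samsung: it reads `adb shell getprop` output and reports whether a device has one of the listed Exynos chips and a patch level older than October 2024. Using `ro.hardware.chipname` as the chipset source, treating `2024-10-01` as the fixed patch level, and the sample dumps are all assumptions.

```python
import re
from datetime import date

# From the article: affected Exynos models, fixed in the October 2024 update.
AFFECTED = {"9820", "9825", "980", "990", "850", "w920"}
FIXED_LEVEL = date(2024, 10, 1)  # assumption: patch-level string of that update

# Assumption: the chipset name is reported here; override for other fleets.
CHIP_PROP = "ro.hardware.chipname"
PATCH_PROP = "ro.build.version.security_patch"

_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

def parse_getprop(text):
    """Parse the `[key]: [value]` lines printed by `adb shell getprop`."""
    props = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def triage(text, chip_prop=CHIP_PROP):
    """Return 'exposed', 'patched', 'chip-not-listed' or 'unknown'."""
    props = parse_getprop(text)
    # Normalise "Exynos 990", "exynos990", "exynos-990" to "990".
    chip = re.sub(r"[\s_-]|exynos", "", props.get(chip_prop, "").lower())
    if not chip:
        return "unknown"          # no chipset info: do not guess
    if chip not in AFFECTED:
        return "chip-not-listed"  # exact match, so "9800" is not "980"
    try:
        level = date.fromisoformat(props.get(PATCH_PROP, ""))
    except ValueError:
        return "unknown"          # missing or malformed patch level
    return "patched" if level >= FIXED_LEVEL else "exposed"

# Constructed sample dumps (not captured from real devices).
SAMPLE_EXPOSED = ("[ro.hardware.chipname]: [exynos990]\n"
                  "[ro.build.version.security_patch]: [2024-08-01]\n")
SAMPLE_PATCHED = ("[ro.hardware.chipname]: [exynos9820]\n"
                  "[ro.build.version.security_patch]: [2024-10-01]\n")

if __name__ == "__main__":
    for name, dump in (("A", SAMPLE_EXPOSED), ("B", SAMPLE_PATCHED)):
        print(name, triage(dump))
```

A result of `unknown` should be treated as needing a manual check rather than as safe.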