A serious security flaw has been discovered in Samsung’s mobile processors, with warnings coming from Google’s Threat Analysis Group. The vulnerability, known as CVE-2024-44068, is linked to a memory management error called “use-after-free.”
This flaw can be exploited to run harmful code remotely and gain higher control over affected devices. While Samsung has addressed the issue in its October 2024 security update, the problem may have already caused damage.
The affected processors are used in several Samsung Galaxy devices, including the Exynos 9820, 9825, 980, 990, 850, and W920. This means many Samsung’s older models are at risk. Due to the fact that these processors are not in newer devices, users with older models may need to act quickly to stay protected.
How Is the Exploit Being Used?
The vulnerability does not work alone but is part of a series of security flaws known as an “exploit chain.” Google researchers revealed that attackers have already found ways to use this bug.
In targeting specific media functions, attackers can access sensitive parts of the phone’s system, such as the cameraserver process. In practice, the attack takes advantage of media acceleration functions on Samsung’s processors. The exploit allows hackers to access memory after it has been freed, giving them the ability to execute malicious commands.
Researchers noted that the exploit even renames processes to make detection harder.
While no specific attackers have been publicly identified, experts believe spyware vendors could be involved. The growing number of these attacks in recent months has heightened the focus on security flaws in smartphones.
More from News
- Booking.com Data Breach: How Can Travellers Stay Protected From Scams?
- Big Tech Is Spending $725 Billion On AI This Year – And Even Record Profits Aren’t Calming The Markets Down
- What Is The SaaSpocolypse: Will It Be The End Of SaaS As We Know It?
- Who Really Controls Oil Prices? The OPEC Effect Explained
- Liz Kendall Speaks On Why AI Is At The Top Of Britain’s Economic And Security Agenda
- Taylor Swift Versus AI: The Trademark Battle That Could Reshape The Music Industry
- Converge Bio Designs Stronger Cancer Antibody With AI In Hours Using a Single Prompt, Signaling Shift In Drug Discovery
- DeepSeek Releases New AI Model – But What Makes It So Powerful?
How Are Google and Samsung Responding?
Google’s TAG played a big part in identifying and warning about this vulnerability. While Android 15 introduced security improvements, Samsung’s update rollout has been slower.
The delay means many users will have to wait until 2025 for the Android 15 upgrade, potentially leaving some devices exposed in the meantime.
Samsung has released a patch addressing the vulnerability in its latest security update, but only some devices are covered. A few older models with the affected Exynos processors may no longer receive regular monthly updates. This could leave those users with limited options other than upgrading their phones.
For Google, the situation comes at a delicate time. With the company promoting its Android 15 release, some Pixel users have reported technical issues, including devices that stopped working after the update. Although these teething problems have been frustrating for Pixel users, Google’s security is an important part in fighting threats like those found in Samsung’s devices.
What Should Samsung Users Do?
Experts recommend that Samsung Galaxy users update their devices immediately if the patch is available. For older phones that may no longer get monthly updates, switching to a newer device could be the safest solution. Users should also be cautious when downloading apps or granting permissions, as some spyware programs exploit such vulnerabilities to gain access.
While Samsung and Google are trying to sort out the issue, staying ahead of these threats requires quick action. Those with affected models should not delay in securing their devices to avoid falling victim to malicious attacks.
