Samsung Galaxy S22, one of the most popular smartphones from the South Korean smartphone manufacturer, has recently come under scrutiny due to the discovery of multiple vulnerabilities that could compromise user security.
These vulnerabilities in Samsung Galaxy S22, specifically related to the InstantPlaysDeepLink and McsWebViewActivity classes, allow remote attackers to execute arbitrary code on affected devices.
Patches have been issued for the vulnerabilities.
Three vulnerabilities in Samsung Galaxy S22
Among the three vulnerabilities in Samsung Galaxy S22, the first vulnerability, known as the InstantPlaysDeepLink Permissive List of Allowed Inputs Remote Code Execution Vulnerability, was reported by researcher Chim.
Exploiting this flaw requires user interaction, such as visiting a malicious website or opening a malicious file.
Attackers can utilize this vulnerability to execute code within the user’s context. The severity of this vulnerability has been classified with a CVSS score of 8.8.
The other two vulnerabilities, both related to the McsWebViewActivity class, were reported by Sam Thomas of Pentest Ltd and Interrupt Labs.
These vulnerabilities in Samsung Galaxy S22 share similarities with the first one, requiring user interaction to exploit the permissive list of allowed inputs. These vulnerabilities also have a significant potential impact, as indicated by their assigned CVSS score 8.8.
These vulnerabilities in the Samsung Galaxy S22 smartphone present serious risks for device users.
If successfully exploited, remote attackers can execute arbitrary code on the affected devices, potentially gaining unauthorized access to sensitive information and compromising the overall security and privacy of the user.
There have been no reported incidents of these vulnerabilities being exploited in the wild. Nevertheless, users must remain vigilant and take precautionary measures to safeguard their devices and personal data.
Addressing Vulnerabilities in Samsung Galaxy S22
Samsung has promptly taken action upon becoming aware of these vulnerabilities in Samsung Galaxy S22 smartphones.
They have released an update specifically designed to fix these issues. It is strongly recommended that users install this update as soon as possible to mitigate the risks associated with the vulnerabilities.
To ensure the security of their products, Samsung maintains a dedicated security website where users can find more information about the vulnerabilities and access the necessary updates. The website can be accessed at https://security.samsungmobile.com/serviceWeb.smsb.
As of December 2022, despite the big hype around Samsung S22 devices, the South Korean technology giant’s ambitious goal of selling 30 million units of the Galaxy S22 series is slipping away because recent reports suggest that the company might need to catch up to this target.
Media reports suggest that Galaxy S22 series shipments may fall short of 30 million units, unlike the Galaxy S21 series, which sold around 25 million units in 2021.
However, one must pay attention to the popularity of the device among Android users, which, according to MobileSyrup, reached 1.01 million units last year.
Moreover, the vulnerabilities in Samsung Galaxy S22 could lead to remote code execution for those 1.01 million users.
As a precaution, users should take immediate action to protect their devices by installing the update provided by Samsung.
Although no incidents of exploitation have been reported, the risks associated with these vulnerabilities underscore the importance of regular software updates and maintaining awareness of potential security threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
