SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission.

News For You
News For You
Notifications

October security patch fixes serious vulnerability affecting a few Samsung phones

General
By 

Last updated: November 14th, 2024 at 14:27 UTC+01:00

Earlier this week, Google’s Project Zero security analysis team revealed that cyber-attackers are exploiting a bug within Android OS, which affects 18 known phone models including three Samsung devices, namely the Galaxy S7, Galaxy S8, and Galaxy S9. The issue stems from a local privilege escalation vulnerability which can give attackers full control over an affected device.

Google’s Project Zero team labeled it a “high severity vulnerability,” but the good news is that a fix has already been devised and will roll out along with the October 2019 security patch. The need for secrecy might be why Google has yet to detail the October 2019 security patch in an official changelog. Either way, the company said its Pixel 1 and 2 will no longer be vulnerable after the update, adding that a patch has also been made available to partners to make sure that the problem doesn’t spread throughout the Android ecosystem.

Samsung already rolling out the October patch

The severity of the bug could also be the reason why Samsung already launched the October security patch for several Galaxy devices, even as the changelog was missing. So far, Samsung released the October 2019 security patch for the Galaxy S10 5G, the Galaxy A20e, Galaxy A50, as well as the A30 and Galaxy J2 Core.

Interestingly, all of these phones sans the Galaxy S10 5G follow the quarterly update schedule, and none of them have been mentioned by the Project Zero team as being vulnerable. Then again, the list of affected devices shared in Chromium isn’t final and there could be more phones that are or have been open to attacks.

The vulnerability is reportedly being exploited by the NSO Group

According to Project Zero, the vulnerability can be exploited either when a user installs an untrusted app, or via a web browser by combining it with another exploit residing in the code that determines how content is being rendered in Chrome.

Project Zero member, Maddie Stone, said there are reasons to believe the vulnerability is being exploited by the NSO Group or its clients. This is an Israel-based exploit developer and is known to sell its malicious product to various governmental bodies. A few years ago the same group was responsible for developing the “Pegasus” spyware for mobile devices, which was designed to jailbreak or root iOS / Android phones and expose private data.

How to keep safe

Because the vulnerability requires either an additional app to open up the exploit or a second exploit within the Chrome web browser for it to work, it shouldn’t be difficult to keep your phone safe even if you haven’t received the October 2019 security patch yet. Just be mindful of what third-party apps you install and refrain from installing apps from untrusted sources. Likewise, you might want to use a different mobile web browser instead of Chrome, at least until the vulnerability will be fully patched.

Via GeneralPhone Galaxy S7Samsung Galaxy S8Samsung Galaxy S9
Galaxy AI summarized

Scroll for more related content
News For You

You might also like

iPhone 17 camera to use feature Samsung abandoned years ago

iPhone 17 camera to use feature Samsung abandoned years ago

Samsung’s Galaxy S9 and Galaxy S9+, which the company launched in 2018, were the first smartphones in the world to offer variable aperture for the primary camera at the rear. You could select between f/1.5 and f/2.4 apertures. The former gave you brighter photos in poorly lit environments but kept only a small area in […]

  • By Abid Iqbal Shaik
  • 5 months ago
Galaxy S24 sales surpass 1 million mark in South Korea, beating Galaxy S8

Galaxy S24 sales surpass 1 million mark in South Korea, beating Galaxy S8

The Galaxy S24 series has received tremendous response since its launch last month. Samsung's new flagship smartphone series broke pre-order records in several countries, including India and South Korea. Samsung has revealed that the Galaxy S24 series sales have crossed 1 million in its home country in record time. Galaxy S24 sales cross 1 million […]

  • By Asif Iqbal Shaik
  • 10 months ago
Galaxy Note 7 fiasco might have given Oppo an important employee

Galaxy Note 7 fiasco might have given Oppo an important employee

Samsung and Oppo recently found themselves competing in the foldable phone market even though they barely operate in the same regions. However, OnePlus is an Oppo subsidiary representing its parent company in the foldable phone segment outside China. OnePlus's first Z Fold-like foldable device called ‘Open' is essentially the same Oppo Find N3 announced for […]

  • By Mihai Matei
  • 1 year ago
Galaxy S24 Ultra could share a design element with the Galaxy S9

Galaxy S24 Ultra could share a design element with the Galaxy S9

With Samsung's biggest phone launches for 2023 done and dusted, the company is no doubt focusing all its efforts on the Galaxy S24 lineup. The rumor mill has given us plenty of information about the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra over the last few weeks, and we have also seen the design […]

  • By Abhijeet Mishra
  • 1 year ago
Galaxy S23 FE might bring back this iconic Galaxy S9 color

Galaxy S23 FE might bring back this iconic Galaxy S9 color

Slowly but surely, leaks and rumors keep coming in to paint a more complete picture of the upcoming Galaxy S23 FE. The latest bit of information we received about the next Fan Edition device pertains to color options, and by the looks of it, Samsung might bring back a rare shade of purple. Here's a […]

  • By Mihai Matei
  • 1 year ago
Samsung releases new firmware update for the Galaxy S6 series

Samsung releases new firmware update for the Galaxy S6 series

Several old Samsung Galaxy S-series phones were suffering from the GPS issue, which the company has been fixing by delivering updates. Galaxy devices such as the Galaxy S8 from 2017, and the Galaxy S7 from 2016, have already bagged the GPS bug fix update, and now it is time for an even older series, the […]

  • By Sagar Naresh
  • 2 years ago