[Updated] Samsung keeps ignoring a huge security flaw in millions of Galaxy phones

Last updated: April 4th, 2023 at 13:26 UTC+02:00

A massive Mali GPU security flaw that affects millions of Samsung phones running on Exynos chipsets was confirmed in November last year. Since then, this Mali vulnerability has become part of a chain that hackers successfully exploited to lead unsuspecting Samsung Internet users to malicious websites. And although that particular exploit chain was broken, the Mali security flaw uncovered last year continues to affect almost every Samsung device powered by Exynos, save for the Galaxy S22 and its Xclipse 920 GPU.

Google's Threat Analysis Group (TAG) revealed the exploit chain earlier today. In December 2022, TAG discovered this exploit chain that relies on multiple 0-day and n-day vulnerabilities and targets the Chrome and Samsung Internet browsers.

More specifically, two vulnerabilities in this chain concern Chrome. And since Samsung Internet Browser uses Chromium, the app was used as an attack vector in conjunction with the Mali GPU kernel driver vulnerability reported last year. This Mali exploit grants attackers system access.

Through this chain of exploits, hackers would send one-time links via SMS to Samsung Galaxy devices located in the UAE (United Arab Emirates). The links would redirect unsuspecting users to a page that would deliver “a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications.”

The chain was broken. But Samsung keeps ignoring the Mali GPU issue

What's the current situation? Well, Google fixed those two Chrome vulnerabilities mentioned above and patched its own Pixel phones at the beginning of 2023. Samsung also fixed its Samsung Internet browser in December 2022. The Korean tech giant addressed the two flaws related to Chromium (CVE-2022-4262 and CVE-2022-3038) through an Internet browser app update after version 19.0.6.

Samsung broke the exploit chain that was leveraging its Chromium-based Internet app and the Mali kernel vulnerability in December, and it appears that the attacks on users in the UAE have stopped. However, one glaring issue remains.

The exploit chain Google detailed today was addressed thanks to Samsung Internet browser updates in December. But one link in the chain, consisting of the massive Mali security vulnerability (CVE-2022-22706), remains unpatched on Samsung devices equipped with Exynos chipsets and Mali GPUs. That is, despite the fact that Mali already provided a fix for its kernel driver exploit as early as January 2022.

Until Samsung mends this issue through a security firmware patch containing the Mali fix, it appears that the majority of Galaxy devices featuring Exynos SoCs remain vulnerable to the Mali GPU kernel driver exploit.

Update: Samsung reached out to us with the following statement: “Samsung takes the security of its products very seriously. We have already taken necessary steps to prevent these potential exploit chains by issuing patches for the Samsung Internet app in December 2022. December's updates to the Samsung Internet app disable entry points for the remaining vulnerabilities and ensure devices are protected.

We are actively collaborating with our partners to release patches for the remaining vulnerabilities as early as possible, starting April, and recommend all users keep their devices updated with the latest software to ensure the highest level of protection possible.”
