Samsung says that the flaw has been exploited in the wild
A remote attacker sends an image file crafted to trigger the bug to a vulnerable device. When the device's image-processing code parses the file, it writes the image data into a buffer that is too small for it, so the excess spills into adjacent memory. That overflow data is attacker-controlled; if it lands on a memory location the attacker can choose, such as a pointer or a saved return address, the attacker can redirect execution to their own code and take control of the device, gaining access to the victim's phone.
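The pattern described above, in code. This is an added example written for this page, not Samsung's or WhatsApp's code, and it uses a constructed toy image format: the `IMG1` header, the field layout, the 64-pixel buffer and the `guard` field are all hypothetical. The unsafe decoder trusts the length field in the file and copies that many bytes; the hardened decoder checks the length against the buffer size, the declared dimensions and the bytes actually present before copying anything.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy image format (hypothetical, modelled on no real codec):
 *   bytes 0..3  magic "IMG1"     byte 4  width     byte 5  height
 *   bytes 6..7  payload length, big-endian     bytes 8..  one byte per pixel */
#define IMG_HEADER_LEN 8
#define IMG_MAX_PIXELS 64
#define GUARD_VALUE    0xCAFEF00Du
#define CRAFTED_LEN    68   /* crafted file declares 68 bytes for a 64-byte buffer */

/* Decoder output. `guard` stands in for whatever follows the pixel buffer in a
 * real decoder (a length field, heap metadata, a function pointer, a saved
 * return address). It is volatile only so the compiler cannot assume the
 * out-of-bounds writes in decode_unsafe never reach it.                      */
struct image {
    uint8_t pixels[IMG_MAX_PIXELS];
    volatile uint32_t guard;
};

static int parse_header(const uint8_t *buf, size_t len,
                        uint8_t *w, uint8_t *h, uint16_t *payload_len)
{
    if (len < IMG_HEADER_LEN || memcmp(buf, "IMG1", 4) != 0)
        return -1;
    *w = buf[4];
    *h = buf[5];
    *payload_len = (uint16_t)((buf[6] << 8) | buf[7]);
    return 0;
}

/* VULNERABLE: trusts the length field from the file. A declared length above
 * IMG_MAX_PIXELS writes past `pixels` into whatever is next in memory.       */
int decode_unsafe(const uint8_t *buf, size_t len, struct image *out)
{
    uint8_t w, h;
    uint16_t n;
    if (parse_header(buf, len, &w, &h, &n) != 0)
        return -1;
    volatile uint8_t *dst = out->pixels;      /* volatile: see struct comment */
    const uint8_t *src = buf + IMG_HEADER_LEN;
    for (size_t i = 0; i < n; i++)            /* n is never bounded */
        dst[i] = src[i];
    return 0;
}

/* HARDENED: every file-supplied length is checked before use. Returns 0 on
 * success, -1 bad header, -2 length disagrees with buffer or width*height,
 * -3 file shorter than it claims.                                            */
int decode_safe(const uint8_t *buf, size_t len, struct image *out)
{
    uint8_t w, h;
    uint16_t n;
    if (parse_header(buf, len, &w, &h, &n) != 0)
        return -1;
    if (n > IMG_MAX_PIXELS || (unsigned)n != (unsigned)w * (unsigned)h)
        return -2;
    if (n > len - IMG_HEADER_LEN)             /* len >= header, checked above */
        return -3;
    memcpy(out->pixels, buf + IMG_HEADER_LEN, n);
    return 0;
}

/* Builds a constructed sample file with filler payload bytes (attacker-controlled
 * content in a real attack). Returns the file size, or 0 if it does not fit.    */
static size_t make_image(uint8_t *buf, size_t cap, uint8_t w, uint8_t h,
                         uint16_t declared_len, size_t payload_bytes)
{
    if (cap < IMG_HEADER_LEN + payload_bytes)
        return 0;
    memcpy(buf, "IMG1", 4);
    buf[4] = w;
    buf[5] = h;
    buf[6] = (uint8_t)(declared_len >> 8);
    buf[7] = (uint8_t)(declared_len & 0xFF);
    memset(buf + IMG_HEADER_LEN, 0x41, payload_bytes);
    return IMG_HEADER_LEN + payload_bytes;
}

/* 1 if the unsafe decoder overwrote the guard with a crafted 8x8 file, 0 if not. */
int unsafe_decoder_corrupts_guard(void)
{
    uint8_t file[IMG_HEADER_LEN + CRAFTED_LEN];
    struct image img = { {0}, GUARD_VALUE };
    size_t n = make_image(file, sizeof file, 8, 8, CRAFTED_LEN, CRAFTED_LEN);
    if (n == 0 || decode_unsafe(file, n, &img) != 0)
        return -1;
    return img.guard != GUARD_VALUE;
}

/* 1 if the hardened decoder rejects the same crafted file and leaves the guard intact. */
int safe_decoder_rejects_crafted(void)
{
    uint8_t file[IMG_HEADER_LEN + CRAFTED_LEN];
    struct image img = { {0}, GUARD_VALUE };
    size_t n = make_image(file, sizeof file, 8, 8, CRAFTED_LEN, CRAFTED_LEN);
    return n != 0 && decode_safe(file, n, &img) == -2 && img.guard == GUARD_VALUE;
}

/* 1 if the hardened decoder accepts a well-formed 8x8 image. */
int safe_decoder_accepts_benign(void)
{
    uint8_t file[IMG_HEADER_LEN + IMG_MAX_PIXELS];
    struct image img = { {0}, GUARD_VALUE };
    size_t n = make_image(file, sizeof file, 8, 8, IMG_MAX_PIXELS, IMG_MAX_PIXELS);
    return n != 0 && decode_safe(file, n, &img) == 0 && img.pixels[63] == 0x41;
}

int main(void)
{
    printf("unsafe decoder corrupted adjacent memory: %d\n", unsafe_decoder_corrupts_guard());
    printf("hardened decoder rejected crafted file:   %d\n", safe_decoder_rejects_crafted());
    printf("hardened decoder accepted benign file:    %d\n", safe_decoder_accepts_benign());
    return 0;
}
```

The `guard` field plays the role of the "specific memory location" the article refers to: in a real decoder the bytes past the buffer might be heap metadata or a pointer the code later dereferences, which is what turns a parsing bug into code execution. The fix has the same shape in every format: a length read from the file never drives a copy until it has been compared with the destination's size and with the bytes actually present in the input.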
Because this is a zero-click attack, the victim does not have to do anything to trigger it. That makes it more dangerous than a typical phishing scam: there is no link or attachment to avoid tapping. The attack runs in the background, so it is hard to tell that the phone has been compromised. Such attacks are considered rare because they are so hard to pull off.
Targets of these attacks are usually high-profile individuals
Such attacks are also sophisticated, which means they are typically mounted by well-funded nation-states running espionage campaigns against well-known individuals. Targets include journalists, politicians, diplomats and people working in government defense departments.
A similar zero-click vulnerability targeting iPhone models was patched by WhatsApp last month. WhatsApp said it fixed an “incomplete authorization of linked device synchronization messages in WhatsApp” that “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.” Combined with another vulnerability WhatsApp addressed last month, the pair was exploited against targeted users in a sophisticated attack.
What if you’re not well known?
Even though these are described as targeted attacks, that doesn’t mean you should skip precautions. Attackers’ eyes light up when they find a device that isn’t running the current OS version and a recent security patch. Don’t make it easy for them: checking that your phone has the latest Android version and security update installed takes only a minute.