Tag Archive for: Samsung

CERT-In Issues High-Risk Security Alert On Certain Samsung Mobile Android Versions


SUMMARY

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14

Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system: CERT-In

Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple

The Computer Emergency Response Team (CERT-In), the Centre’s nodal agency dealing with cyber security, has issued a high-risk security alert for four versions of Samsung phones, saying that multiple vulnerabilities have been reported in the products with certain software.

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14.

“Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system,” said CERT-In in its vulnerability note.

These vulnerabilities exist due to issues such as improper access control in Knox features, issues in the facial recognition software, improper authorisation verification vulnerability in AR emoji, improper input validation vulnerability in Smart Clip, and others, said the advisory. 

“Successful exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR emoji, bypass Knox guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system,” it added.

These vulnerabilities are likely to affect a range of Samsung devices, including the Galaxy S23 series, Galaxy Flip 5, and Galaxy Fold 5. 

Meanwhile, Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple. The company has also been bolstering its position as one of the top smartphone manufacturers in the country.

As per a Canalys report, Samsung maintained its top position with…

Source…

Samsung Galaxy A32 5G gets updated with December 2023 security patch


While other phones are getting the Android 14 update, older Galaxy phones that are not eligible for that update are getting the December 2023 security update. One such phone is the Galaxy A32 5G. The device is getting the December 2023 security update in several Latin American countries.

Galaxy A32 5G gets December 2023 security update in Latin America

The December 2023 security update is now rolling out to the Galaxy A32 5G, and it comes with firmware version A326BXXS9CWK9. The update is available in Brazil, Chile, Colombia, and the Dominican Republic. It fixes 75 security flaws found in the previous version of the phone’s software. Since it is just a security update, don’t expect it to bring any new features or performance improvements.

If you have a Galaxy A32 5G and if you live in any of the Latin American countries mentioned above, you can now check for the new security update. You can do that by navigating to Settings » Software update and tapping Download and install. You can also use the manual firmware flashing process, but you would need to download the appropriate firmware file (version mentioned above) from our database and use the Odin tool on a computer running the Windows OS.

Samsung launched the Galaxy A32 5G in early 2021 with Android 11 onboard. It received the Android 12 update later that year and the Android 13 update in late 2022. It will not get the Android 14 update that has been released for several Samsung smartphones and tablets.

If you want to check out Android 14 (One UI 6.0) features, watch our in-depth video below. Moreover, you can upgrade from your Galaxy A32 5G to the Galaxy A34 by clicking the button below the video.

Source…

Samsung Galaxy A23 4G and Galaxy Tab S6 Lite (2022) get Android 14-based One UI 6 update


Samsung recently released the Android 14-based One UI 6 stable update for the Galaxy A23 5G, and now the Galaxy A23 4G is getting a taste of Samsung’s latest custom Android skin.

The update is rolling out for the Galaxy A23 4G with model code SM-A235F in Russia and SM-A235M in Panama with firmware versions A235FXXU4DWL1 and A235MUBU4DWL1, respectively. It comes with the One UI 6 features and the dated November 2023 Android security patch instead of the latest January 2024.

The One UI 6 update for the Samsung Galaxy Tab S6 Lite (2022) is rolling out in some European countries, including France. It has firmware version P613XXU4CWL1 and comes with the November 2023 Android security patch.

If you haven’t received the Android 14 update on your device yet, you can check for it manually by heading to its Settings > Software update menu.

Via 1, 2, 3

Source…

Centre issues high-risk warning for Samsung Galaxy phone users, here’s why


The Union government has issued a new advisory for all the Samsung Galaxy mobile phone users, asking them to immediately update their security systems and operating system (OS) to protect themselves from cyber attacks and hacking.

CERT has issued a high risk warning for Samsung users (Shutterstock)

The Indian Computer Emergency Response Team (CERT-In) has issued the high-risk security advisory on December 13, highlighting several security impacts on millions of Samsung Galaxy phones, with both newer and older models.

Stay tuned with breaking news on HT Channel on Facebook. Join Now

The category of concern for Samsung phones is “high-risk”, according to the advisory, and owners of these phones need to update their firmware of OS at the earliest.

CERT said in its notification, “Multiple vulnerabilities have been reported in Samsung products that could allow an attacker to bypass implemented security restrictions, access sensitive information, and execute arbitrary code on the targeted system.”

The agency said that the risk in these phones is due to the improper access control flaw in the SmartManagerCN component of the OS. The solution to this is to apply appropriate security updates in your Samsung Galaxy phones, as mentioned by the company.

What could happen if you don’t follow CERT advisory?

Samsung Galaxy phone owners could be subjected to several risks if they don’t update their security and OS, as directed by CERT-In. Here are some vulnerabilities highlighted in the advisory by the government.

  • Steal phone’s secret code (SIM PIN)
  • Shout loud commands to phone (broadcast with elevated privilege)
  • Peek into private AR Emoji files
  • Change the clock on the castle gate (Knox Guard lock)
  • Snoop around phone’s files (access arbitrary files)
  • Steal important information (sensitive information)
  • Control the phone like a puppet (execute arbitrary code)

– Take over the whole phone (compromise the targeted system)

Further, Samsung has issued instructions for all the users to make sure that they remain safe from these…

Source…