Samsung clears the bug from its smartphones since 2014
By MYBRANDBOOK
Samsung has released a security patch this week that brings a critical fix for its devices. The security flaw was first brought to light by a security researcher with Google’s Project Zero team. The flaw resides in how Samsung’s version of Android OS handles the custom Qmage image format (.qmg). Samsung started supporting this custom image format on all devices released since late 2014.
Mateusz Jurczyk, a Security Researcher with Google’s Project Zero team, discovered a way to exploit the vulnerability. The vulnerability exploits how Skia (the Android graphics library) handles Qmage images sent to a device.
Jurczyk says the Qmage bug can be exploited without user interaction leading to a zero-click scenario. This happens because Android redirects all images sent to a device to the Skia library for processing without a user’s knowledge. Samsung fixes a critical bug
According to the report, the researcher developed a proof-of-concept demo exploiting the bug against the Samsung Messages app. The app included on all Samsung devices, is responsible for handling SMS and MMS messages.
Jurczyk further notes that once the Skia library is located in memory, a last MMS delivers the actual Qmage payload. It then executes the attacker’s code on a device.
The researcher also notes that the attack usually needs between 50 and 300 MMS messages to probe and bypass the ASLR. In other words, it will take around 100 minutes to execute the attack. While it might look noisy and time consuming, the researcher adds that it can be done without alerting the user.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ICONS OF INDIA : RITESH AGARWAL
Ritesh Agarwal is an Indian billionaire entrepreneur and the founder a...
Icons Of India : CP Gurnani
Former Managing Director and CEO of the well-known IT service company ...
Icons Of India : Debjani Ghosh
Debjani Ghosh is the President of the National Association of Software...
NPCI - National Payments Corporation of India
NPCI is an umbrella organization for operating retail payments and set...
CSC - Common Service Centres
CSC initiative in India is a strategic cornerstone of the Digital Indi...
IOCL - Indian Oil Corporation Ltd.
IOCL is India’s largest oil refining and marketing company ...
Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM
Arvind Krishna, an Indian-American business executive, serves as the C...
Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud
Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...
Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated
Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...