Critical vulnerability on Samsung devices: Patch released

A vulnerability has been detected in the Phone application that ships by default on Samsung smartphones. Through this vulnerability, applications can run system-level functions.

A critical flaw has emerged in Samsung phones, which reach hundreds of millions of people every year. The long-standing vulnerability makes it possible to access some critical functions on the phones without the user's knowledge. CVE-2022-22292, detected by Kryptowire, affects devices running Android 9 through 12. The vulnerability is caused by an insecure component within the Phone app that allows other apps to access system-level functions. Apps can factory reset the system, make phone calls, install apps, and weaken HTTPS security. The user is not asked for any permission while this happens.

Samsung rated the vulnerability, which was reported to it in November, as high risk and patched it. The patch is said to have been distributed to phones in the February updates. However, some users may have been affected by the vulnerability in the two-to-three-month period in between.
