With the May 2020 Android security patch, Samsung has fixed a critical zero-click vulnerability that affected all of its smartphones sold since 2014. The flaw lies in how the company's Android skin handles the 'Qmage' image format (.qmg).
Qmage is a custom image format developed by South Korean firm Quramsoft. Samsung began supporting .qmg files on its Galaxy smartphones in 2014. The company reportedly uses them in Samsung Themes.
However, that implementation apparently had serious vulnerabilities. Mateusz Jurczyk, a security researcher working with Google's Project Zero bug-hunting team, recently discovered a way to exploit it (via ZDNet).
The vulnerability exploits how Skia (Android's graphics library) handles .qmg images sent to a Samsung smartphone. The bug can be exploited in a zero-click scenario, which means it does not require any user interaction.
Samsung fixes the zero-click vulnerability with May 2020 update
The Android OS redirects all images received by the device to the Skia library for processing and for generating thumbnail previews. This happens without the user's knowledge.
Jurczyk could exploit the bug by sending repeated MMS messages to Samsung phones. Since those images are redirected to the Skia library, he could guess the location of the library in the device's memory.
Knowing the location of the Skia library means he could then bypass Android's ASLR (Address Space Layout Randomization) protection. Once the library was located, one more MMS containing a Qmage file is sent to the phone. This file would then execute the attacker's code on the device.
Jurczyk says it takes anywhere between 50 and 300 MMS messages to exploit this vulnerability. The process takes about 100 minutes on average. The bug can be exploited through any app that can receive Qmage images, including Samsung's Messages app.
The researcher could even get MMS messages fully processed by the Skia library without triggering a notification sound. So fully stealthy attacks are very much possible.
Jurczyk discovered the vulnerability and reported it to Samsung in February. The South Korean firm eventually patched it with the May 2020 Android security update.
The May security maintenance release for Samsung smartphones also includes fixes for 18 other Samsung Vulnerabilities and Exposures (SVE), the vulnerabilities that are unique to Samsung's custom Android skin. In addition, it fixes 9 critical and dozens of high and moderate-risk Android OS vulnerabilities.
Samsung began rolling out the May 2020 Android security update last week. The update has so far been released for the Galaxy S20, Galaxy Fold, Galaxy Note 10, Galaxy S10, Galaxy Z Flip, and the Galaxy A50 phones. It should also become available to other eligible Galaxy smartphones in the coming months.