Google says some Samsung smartphones targeted with zero-day vulnerabilities, issues fixed – Times of India
As per a blog post by Google Project Zero security researcher Maddie Stone, these vulnerabilities were used as part of an exploit chain to target Samsung smartphones running Android OS. These loopholes allowed the attacker to gain read/ write privileges, essentially to gain access to the phone’s data.
“The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step,” Stone said. The researcher also says that the exploits were on Samsung smartphones powered Exynos chipsets running kernel version 4.14.113. These phones include the Galaxy S10, Galaxy A50, and the Galaxy A51.
The flaws were reportedly exploited by a malicious Android app which may have been installed from outside of the Google Play Store. The researcher says that an “in-the-wild sample that was obtained is a JNI native library file that would have been loaded as a part of an app.”
While the information about the vulnerability was first reported last week, an update on November 10 says that the malicious code may have gained access to the phone’s data without asking for the user’s permission. The users may have been tricked into installing the malicious app from outside of the app store.
The development comes at a time when multiple reports suggest that Google Play Store have malicious apps with malware which steal users’ information by various methods. These apps are usually listed under fun, tools or productivity sections.
How to protect yourself from malicious apps
The first and easiest way to keep your phone safe and your data private is to use Google Play Protect. It checks the apps installed on your phone for harmful behaviour. It is advised that you install apps from a reputable vendor on Google Play Store. Thirdly, you can install a reputable endpoint security app.
For all the latest Technology News Click Here