Patch for zero-day vulnerability available on Samsung smartphones

With the release of the May 2020 security updates for its Android smartphones, Samsung also patched a critical vulnerability that has affected all of its devices since 2014. In addition to the patches from the May 2020 Android security bulletin, the mobile phone maker has patched a total of 19 vulnerabilities in its smartphones. The most important of these are two critical bugs: one in the bootloader's secure boot and one in the qmg decoding of the Quram library.

The first vulnerability is a stack-based buffer overflow that could allow secure boot to be bypassed and lead to arbitrary code execution. Samsung said it has patched the flaw with proper validation, but did not provide further details.

The second vulnerability is a memory overwrite bug in the Quram qmg library that could lead to remote arbitrary code execution. The bug appears to affect all Samsung smartphones released since 2014. Since 2014, Samsung has added support for the Qmage (.qmg) image format designed by the Korean third-party company Quramsoft to its smartphones. According to researchers, this zero-day vulnerability can be exploited via malicious MMS (multimedia) messages without user interaction.

Since there are four main versions of Qmage, Samsung Android smartphones released since late 2014/early 2015 are vulnerable to varying degrees. Also, since newer devices support all versions of Qmage, these devices are exposed to more bugs.

The security researchers, who exploited this vulnerability on a Samsung smartphone running Android 10 (with the February 2020 security patches installed) and with the Samsung Messages app set as the default SMS/MMS handler, explain: “The vulnerable codec is executed in the context of the target program that processes the input images, and thus the attacker obtains the privileges of that program. The Samsung Messages app has access to all kinds of personal user information, including call history, contacts, microphone, memory, text messages, and more.”

According to the researchers, only Samsung devices are affected by this vulnerability, because the vulnerable software was used only in this company's devices.

This month, several high-severity vulnerabilities have also been patched in Samsung smartphones, including an arbitrary code execution bug in the jpeg decoding of the Quram library, a brute-force (exhaustive search) attack on the Gatekeeper Trustlet, and spoofing in select Broadcom Bluetooth chips (because the PRNG they use has low entropy).

Samsung also patched five low-severity vulnerabilities, including clipboard data leak via USSD in locked mode, heap overflow in bootloader, unauthorized change of first SIM card in locked mode, relative buffer write in S.LSI Wi-Fi drivers, and FRP bypass with SPEN. The company did not provide information on the vulnerabilities patched this month.
