SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission.

Notifications
    News for you

    October security patch fixes serious vulnerability affecting a few Samsung phones

    General
    By 

    Last updated: October 4th, 2019 at 14:20 UTC+02:00

    Earlier this week, Google’s Project Zero security analysis team revealed that cyber-attackers are exploiting a bug within Android OS, which affects 18 known phone models including three Samsung devices, namely the Galaxy S7, Galaxy S8, and Galaxy S9. The issue stems from a local privilege escalation vulnerability which can give attackers full control over an affected device.

    Google’s Project Zero team labeled it a “high severity vulnerability,” but the good news is that a fix has already been devised and will roll out along with the October 2019 security patch. The need for secrecy might be why Google has yet to detail the October 2019 security patch in an official changelog. Either way, the company said its Pixel 1 and 2 will no longer be vulnerable after the update, adding that a patch has also been made available to partners to make sure that the problem doesn’t spread throughout the Android ecosystem.

    Samsung already rolling out the October patch

    The severity of the bug could also be the reason why Samsung already launched the October security patch for several Galaxy devices, even as the changelog was missing. So far, Samsung released the October 2019 security patch for the Galaxy S10 5G, the Galaxy A20e, Galaxy A50, as well as the A30 and Galaxy J2 Core.

    Interestingly, all of these phones sans the Galaxy S10 5G follow the quarterly update schedule, and none of them have been mentioned by the Project Zero team as being vulnerable. Then again, the list of affected devices shared in Chromium isn’t final and there could be more phones that are or have been open to attacks.

    The vulnerability is reportedly being exploited by the NSO Group

    According to Project Zero, the vulnerability can be exploited either when a user installs an untrusted app, or via a web browser by combining it with another exploit residing in the code that determines how content is being rendered in Chrome.

    Project Zero member, Maddie Stone, said there are reasons to believe the vulnerability is being exploited by the NSO Group or its clients. This is an Israel-based exploit developer and is known to sell its malicious product to various governmental bodies. A few years ago the same group was responsible for developing the “Pegasus” spyware for mobile devices, which was designed to jailbreak or root iOS / Android phones and expose private data.

    How to keep safe

    Because the vulnerability requires either an additional app to open up the exploit or a second exploit within the Chrome web browser for it to work, it shouldn’t be difficult to keep your phone safe even if you haven’t received the October 2019 security patch yet. Just be mindful of what third-party apps you install and refrain from installing apps from untrusted sources. Likewise, you might want to use a different mobile web browser instead of Chrome, at least until the vulnerability will be fully patched.

    Via GeneralPhone Galaxy S7Samsung Galaxy S8Samsung Galaxy S9

    You might also like

    Galaxy S24 sales surpass 1 million mark in South Korea, beating Galaxy S8

    Galaxy S24 sales surpass 1 million mark in South Korea, beating Galaxy S8

    The Galaxy S24 series has received tremendous response since its launch last month. Samsung's new flagship smartphone series broke pre-order records in several countries, including India and South Korea. Samsung has revealed that the Galaxy S24 series sales have crossed 1 million in its home country in record time. Galaxy S24 sales cross 1 million […]

    • By Asif Iqbal Shaik
    • 3 months ago
    Galaxy Note 7 fiasco might have given Oppo an important employee

    Galaxy Note 7 fiasco might have given Oppo an important employee

    Samsung and Oppo recently found themselves competing in the foldable phone market even though they barely operate in the same regions. However, OnePlus is an Oppo subsidiary representing its parent company in the foldable phone segment outside China. OnePlus's first Z Fold-like foldable device called ‘Open' is essentially the same Oppo Find N3 announced for […]

    • By Mihai Matei
    • 7 months ago
    Galaxy S24 Ultra could share a design element with the Galaxy S9

    Galaxy S24 Ultra could share a design element with the Galaxy S9

    With Samsung's biggest phone launches for 2023 done and dusted, the company is no doubt focusing all its efforts on the Galaxy S24 lineup. The rumor mill has given us plenty of information about the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra over the last few weeks, and we have also seen the design […]

    • By Abhijeet Mishra
    • 7 months ago
    Galaxy S23 FE might bring back this iconic Galaxy S9 color

    Galaxy S23 FE might bring back this iconic Galaxy S9 color

    Slowly but surely, leaks and rumors keep coming in to paint a more complete picture of the upcoming Galaxy S23 FE. The latest bit of information we received about the next Fan Edition device pertains to color options, and by the looks of it, Samsung might bring back a rare shade of purple. Here's a […]

    • By Mihai Matei
    • 8 months ago
    Samsung releases new firmware update for the Galaxy S6 series

    Samsung releases new firmware update for the Galaxy S6 series

    Several old Samsung Galaxy S-series phones were suffering from the GPS issue, which the company has been fixing by delivering updates. Galaxy devices such as the Galaxy S8 from 2017, and the Galaxy S7 from 2016, have already bagged the GPS bug fix update, and now it is time for an even older series, the […]

    • By Sagar Naresh
    • 2 years ago
    Samsung releases important update for discontinued Galaxy S7 and S8

    Samsung releases important update for discontinued Galaxy S7 and S8

    Up until a couple of years ago, even Samsung flagship smartphones only received two major Android OS upgrades and three years of security updates. The company now provides the best software support of any Android OEM. Many devices now receive four Android OS upgrades and five years of security updates. The Galaxy S7 and Galaxy […]

    • By Adnan Farooqui
    • 2 years ago