We got the best Samsung deals! Galaxy S24 Ultra, Watch 6, Z Fold 5 or, Z Flip 5.

SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission.

Notifications
    News for you

    [Updated] Samsung keeps ignoring a huge security flaw in millions of Galaxy phones

    General
    By 

    Last updated: April 4th, 2023 at 13:26 UTC+02:00

    A massive Mali GPU security flaw that virtually affects millions of Samsung phones running on Exynos chipsets was confirmed last year in November. Since then, this Mali vulnerability became a part of a chain that hackers successfully exploited to lead unsuspecting Samsung Internet users to malicious websites. And although that particular exploit chain was broken, the Mali security flaw uncovered last year continues to affect almost every Samsung device powered by Exynos, save for the Galaxy S22 and its Xclipse 920 GPU.

    Google's Threat Analysis Group (TAG) revealed the exploit chain earlier today. In December 2022, TAG discovered this exploit chain that relies on multiple 0-day and n-day vulnerabilities and targets the Chrome and Samsung Internet browsers.

    More specifically, two vulnerabilities in this chain concern Chrome. And since Samsung Internet Browser uses Chromium, the app was used as an attack vector in conjunction with the Mali GPU kernel driver vulnerability reported last year. This Mali exploit grants attackers system access.

    Through this chain of exploits, hackers would send one-time links via SMS to Samsung Galaxy devices located in the UAE (United Arab Emirates). The links would redirect unsuspecting users to a page that would deliver “a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications.”

    The chain was broken. But Samsung keeps ignoring the Mali GPU issue

    What's the current situation? Well, Google fixed those two Chrome vulnerabilities mentioned above and patched its own Pixel phones at the beginning of 2023. Samsung also fixed its Samsung Internet browser in December 2022. The Korean tech giant addressed the two flaws related to Chromium (CVE-2022-4262 and CVE-2022-3038) through an Internet browser app update after version 19.0.6.

    Samsung broke the exploit chain that was leveraging its Chromium-based Internet app and the Mali kernel vulnerability in December, and it appears that the attacks on users in the UAE have stopped. However, one glaring issue remains.

    The exploit chain Google detailed today was addressed thanks to Samsung Internet browser updates in December. But one link in the chain, consisting of the massive Mali security vulnerability (CVE-2022-22706), remains unpatched on Samsung devices equipped with Exynos chipsets and Mali GPUs. That is, despite the fact that Mali already provided a fix for its kernel driver exploit as early as January 2022.

    Until Samsung mends this issue through a security firmware patch containing the Mali fix, it appears that the majority of Galaxy devices featuring Exynos SoCs remain vulnerable to the Mali GPU kernel driver exploit.

    Update: Samsung reached out to us with the following statement “Samsung takes the security of its products very seriously. We have already taken necessary steps to prevent these potential exploit chains by issuing patches for the Samsung Internet app in December 2022. December's updates to the Samsung Internet app disable entry points for the remaining vulnerabilities and ensure devices are protected.

    We are actively collaborating with our partners to release patches for the remaining vulnerabilities as early as possible, starting April, and recommend all users keep their devices updated with the latest software to ensure the highest level of protection possible.”

    FirmwareGeneralPhone ExynosSamsung Electronics

    You might also like

    Samsung’s first acquisition in 7 years could be of an AC company

    Samsung’s first acquisition in 7 years could be of an AC company

    Despite having billions of dollars in cash, Samsung hasn't made any acquisitions over the past seven years. Its last major acquisition was that of Harman International. Recent reports have suggested that the company is looking to be more active in the mergers and acquisitions segment now, and it appears Samsung may already have a large.t […]

    • By Adnan Farooqui
    • 6 hours ago
    Samsung expects 2024 chip revenue returning to 2022 level

    Samsung expects 2024 chip revenue returning to 2022 level

    A significant decline in chip revenue has hurt Samsung's profits significantly, but the company is now expecting a return to form, on the back of increased demand for memory products for AI applications. The company is now expecting its chip revenue this year to return to the 2022 level, which was before the downturn, and […]

    • By Adnan Farooqui
    • 3 days ago
    NVIDIA CEO signs his approval on Samsung’s HBM3E memory, literally

    NVIDIA CEO signs his approval on Samsung’s HBM3E memory, literally

    Samsung's HBM3E 12H advanced memory chips have received high praise from NVIDIA CEO Jensen Huang recently. He confirmed that the company is testing these new memory models for integration into its GPUs, as unrelenting demand continues for its products. Such is the nature of the close collaboration between these two titans of the industry that […]

    • By Adnan Farooqui
    • 3 days ago
    Samsung Electronics gets $4.3 billion from Samsung Display to fund semiconductor expansion

    Samsung Electronics gets $4.3 billion from Samsung Display to fund semiconductor expansion

    Samsung Electronics is the leading supplier of memory chips and other semiconductor products. It has been heavily investing in the expansion of its production facilities as demand for memory products, particularly High Bandwidth Memory, is expected to rise in the coming quarters. There are many subsidiaries that operate under Samsung Electronics. Samsung Display is one […]

    • By Adnan Farooqui
    • 4 days ago
    Amid AI boom, NVIDIA is loving Samsung’s advanced memory chips

    Amid AI boom, NVIDIA is loving Samsung’s advanced memory chips

    NVIDIA has emerged as the leading supplier of AI semiconductor solutions across the globe. There's incredible demand for its products as companies jump on the AI bandwagon with new solutions and services. AI semiconductors require advanced memory chips and Samsung finds itself in a good position to cash in on this boom. It has a […]

    • By Adnan Farooqui
    • 4 days ago
    Samsung doubling down on AI to secure business growth

    Samsung doubling down on AI to secure business growth

    Amid uncertainties in the global business environment, Samsung is doubling down on what it considers to be a significant driver of future growth. We've seen an increasing application of artificial intelligence in its products, from smartphones to even washing machines, and the company has said it will continue to focus on AI to drive growth. […]

    • By Adnan Farooqui
    • 5 days ago