SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission.

Notifications
    News for you

    [Updated] Samsung keeps ignoring a huge security flaw in millions of Galaxy phones

    General
    By 

    Last updated: April 4th, 2023 at 13:26 UTC+02:00

    A massive Mali GPU security flaw that virtually affects millions of Samsung phones running on Exynos chipsets was confirmed last year in November. Since then, this Mali vulnerability became a part of a chain that hackers successfully exploited to lead unsuspecting Samsung Internet users to malicious websites. And although that particular exploit chain was broken, the Mali security flaw uncovered last year continues to affect almost every Samsung device powered by Exynos, save for the Galaxy S22 and its Xclipse 920 GPU.

    Google's Threat Analysis Group (TAG) revealed the exploit chain earlier today. In December 2022, TAG discovered this exploit chain that relies on multiple 0-day and n-day vulnerabilities and targets the Chrome and Samsung Internet browsers.

    More specifically, two vulnerabilities in this chain concern Chrome. And since Samsung Internet Browser uses Chromium, the app was used as an attack vector in conjunction with the Mali GPU kernel driver vulnerability reported last year. This Mali exploit grants attackers system access.

    Through this chain of exploits, hackers would send one-time links via SMS to Samsung Galaxy devices located in the UAE (United Arab Emirates). The links would redirect unsuspecting users to a page that would deliver “a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications.”

    The chain was broken. But Samsung keeps ignoring the Mali GPU issue

    What's the current situation? Well, Google fixed those two Chrome vulnerabilities mentioned above and patched its own Pixel phones at the beginning of 2023. Samsung also fixed its Samsung Internet browser in December 2022. The Korean tech giant addressed the two flaws related to Chromium (CVE-2022-4262 and CVE-2022-3038) through an Internet browser app update after version 19.0.6.

    Samsung broke the exploit chain that was leveraging its Chromium-based Internet app and the Mali kernel vulnerability in December, and it appears that the attacks on users in the UAE have stopped. However, one glaring issue remains.

    The exploit chain Google detailed today was addressed thanks to Samsung Internet browser updates in December. But one link in the chain, consisting of the massive Mali security vulnerability (CVE-2022-22706), remains unpatched on Samsung devices equipped with Exynos chipsets and Mali GPUs. That is, despite the fact that Mali already provided a fix for its kernel driver exploit as early as January 2022.

    Until Samsung mends this issue through a security firmware patch containing the Mali fix, it appears that the majority of Galaxy devices featuring Exynos SoCs remain vulnerable to the Mali GPU kernel driver exploit.

    Update: Samsung reached out to us with the following statement “Samsung takes the security of its products very seriously. We have already taken necessary steps to prevent these potential exploit chains by issuing patches for the Samsung Internet app in December 2022. December's updates to the Samsung Internet app disable entry points for the remaining vulnerabilities and ensure devices are protected.

    We are actively collaborating with our partners to release patches for the remaining vulnerabilities as early as possible, starting April, and recommend all users keep their devices updated with the latest software to ensure the highest level of protection possible.”

    FirmwareGeneralPhone ExynosSamsung Electronics

    You might also like

    Apple Vision Pro 2 could use more Samsung tech and be cheaper

    Apple Vision Pro 2 could use more Samsung tech and be cheaper

    Apple's first Vision Pro mixed reality headset may have failed to change the world due to its high price and relatively undercooked feature set. Even so, the Vision Pro seemingly marks the beginning of a new device category for Apple. In other words, it might not be a one-off device but the start of a […]

    • By Mihai Matei
    • 15 hours ago
    Samsung will massively increase its annual investment in Vietnam

    Samsung will massively increase its annual investment in Vietnam

    Samsung Electronics is boosting its investment in Vietnam, its largest smartphone manufacturing hub. Samsung's Chief Financial Officer Park Hark-kyu and Vietnamese Prime Minister Pham Minh Chinh met last week to shake hands on these latest financial agreements. According to state-owned Vietnamese media cited by Korea JoongAng Daily, Samsung Electronics intends to increase its annual investment […]

    • By Mihai Matei
    • 17 hours ago
    Apple’s logo is now a heatsink

    Apple’s logo is now a heatsink

    Apple's latest iPad Pros announced earlier this week must look quite interesting even for Samsung. The new models are the industry's first to use Tandem OLED displays supplied by the Korean tech giant (and LGD) and boast a few other innovations that garnered attention in the media. A few examples are that the new iPad […]

    • By Mihai Matei
    • 3 days ago
    The Galaxy experience can be messy for first-time users

    The Galaxy experience can be messy for first-time users

    Some say it's always better to have more options, but it's never as clear-cut as it sounds. This design philosophy doesn't always work, and more importantly, it isn't a magical shortcut that can patch everything up and always lead to a better user experience. On the contrary, if not handled properly, I believe the “more […]

    • By Abhijeet Mishra
    • 5 days ago
    Buying a low or mid-range Galaxy phone is getting confusing again

    Buying a low or mid-range Galaxy phone is getting confusing again

    A few years ago, Samsung went on a crusade to abolish the confusopoly it inadvertently created by offering too many choices in the low and mid-range Galaxy phone market segments. The company disposed of the Galaxy J series and simplified things. It focused solely on a few Galaxy A models, and in markets such as […]

    • By Mihai Matei
    • 1 week ago
    Samsung displays to power cutting-edge Racing Unleashed sim rigs

    Samsung displays to power cutting-edge Racing Unleashed sim rigs

    Sim racing gained a lot of popularity in recent years, with many more enthusiasts than ever wanting to experience the thrill of racing or driving from the comfort of their homes. Incidentally, Samsung display technologies and sim racing often overlapped, and that's even more true now that Samsung and Racing Unleashed have entered a new […]

    • By Mihai Matei
    • 1 week ago