Google Project Zero Researcher Discovers Exploit In Samsung Devices » TechWorm

by CybrGPT

Researchers at Google Project Zero on Friday disclosed a now-patched zero-click vulnerability that could allow remote attackers to execute arbitrary code on Samsung devices without any user interaction.

The vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), is an out-of-bounds write in the saped_rec function of libsaped.so, a library used by the C2 media service for audio playback. It affects the Monkey’s Audio (APE) decoder on Samsung’s flagship Galaxy S23 and S24 devices running Android versions 12, 13, and 14.

“Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. The patch adds proper input validation,” read the advisory for the flaw released in December 2024 as part of Samsung’s monthly security updates.

How could the attack be performed?

Natalie Silvanovich, the Google Project Zero researcher who identified the vulnerability and reported it to Samsung on September 21, 2024, said that the attack could be carried out by sending a malicious audio file. Because it requires no user involvement (zero-click), the flaw is potentially very dangerous.

The flaw occurred due to Samsung’s handling of RCS (rich communication services) messages, specifically in how incoming audio messages are parsed and processed through the Google Messages app in Android. This setting is enabled by default on the Galaxy S23 and S24 models.

“The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write up to 3 * blocksperframe bytes out, if the bytes per sample of the input is 24. This means that an APE file with a large blocksperframe size can substantially overflow this buffer,” Silvanovich wrote in her bug report.

“Note that this is a fully remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes.”

In a hypothetical attack scenario, an attacker exploits the vulnerability by sending a specially crafted audio message to an RCS-enabled device, crashing the device’s media codec process (“samsung.software.media.c2”) and opening the way to further exploitation.
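To make the arithmetic in Silvanovich’s report concrete, the following added illustration (not libsaped’s code, and not from the report) contrasts a check that only caps blocksperframe with one that bounds the number of output bytes the decoder would actually produce. The constants are the sizes quoted above; the function names, the 8/16/24-bit sample widths, and the single-channel assumption are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants taken from the figures quoted in the bug report. */
#define DMABUF_SIZE         0x120000u  /* output dmabuf allocated by the C2 service */
#define MAX_BLOCKSPERFRAME  0x120000u  /* cap applied to blocksperframe by the extractor */

/* Bytes per PCM sample for the assumed APE bit depths (8, 16, 24); 0 means unsupported.
 * Hypothetical helper, not libsaped's own. */
static uint32_t sample_width_bytes(uint32_t bits_per_sample) {
    switch (bits_per_sample) {
    case 8:  return 1;
    case 16: return 2;
    case 24: return 3;
    default: return 0;
    }
}

/* The insufficient check the report describes: only the sample count is bounded,
 * so 24-bit audio can still produce 3 * blocksperframe bytes of output. */
bool weak_check_accepts(uint32_t blocksperframe, uint32_t bits_per_sample) {
    return sample_width_bytes(bits_per_sample) != 0
        && blocksperframe <= MAX_BLOCKSPERFRAME;
}

/* Hardened check: bound the bytes the decoder would actually write against the
 * destination buffer, computed in 64 bits so the multiplication cannot wrap. */
bool hardened_check_accepts(uint32_t blocksperframe, uint32_t bits_per_sample) {
    uint32_t width = sample_width_bytes(bits_per_sample);
    if (width == 0 || blocksperframe > MAX_BLOCKSPERFRAME)
        return false;
    uint64_t needed = (uint64_t)blocksperframe * width;
    return needed <= DMABUF_SIZE;
}

/* Bytes a frame accepted by the weak check would write past the end of the buffer. */
uint64_t overflow_bytes(uint32_t blocksperframe, uint32_t bits_per_sample) {
    uint64_t needed = (uint64_t)blocksperframe * sample_width_bytes(bits_per_sample);
    return needed > DMABUF_SIZE ? needed - DMABUF_SIZE : 0;
}

int main(void) {
    /* Constructed frame header: maximum blocksperframe with 24-bit samples. */
    uint32_t bpf = 0x120000, bits = 24;
    printf("weak check: %s, hardened check: %s, overflow: 0x%llx bytes\n",
           weak_check_accepts(bpf, bits) ? "accept" : "reject",
           hardened_check_accepts(bpf, bits) ? "accept" : "reject",
           (unsigned long long)overflow_bytes(bpf, bits));
    return 0;
}
```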

In addition to the above flaw, Samsung’s December 2024 update also fixed another vulnerability: CVE-2024-49413 (CVSS score: 7.1), involving the SmartSwitch app. This flaw allowed local attackers to install malicious applications by exploiting insufficient cryptographic signature verification.

While Samsung has fixed the flaws, users of RCS-enabled devices are advised to install the latest security updates. Additionally, disabling RCS in Google Messages further reduces exposure to zero-click exploits.

© 2025 cybrgpt.com – All rights reserved.