Samsung's Galaxy Note10+ 5G smartphone is displayed at a telecom shop in Seoul on January 8, 2020. - Samsung Electronics' operating profits fell by more than a third in the fourth quarter, the world's biggest manufacturer of smartphones and memory chips estimated on January 8. (Photo by Jung Yeon-je / AFP) (Photo by JUNG YEON-JE/AFP via Getty Images)

Samsung fixes 2014 security breach

The company sent an update which is linked to an error in the processing of images in Qmage format

Last updated May 7, 2020

amsung distributed a security update to correct a vulnerability present in its smartphones since 2014, and linked to the processing of images in Qmage format that, if exploited, could allow the execution of remote code on the smartphone.

The problem was identified in January this year by Mateusz Jurczyk, a cybersecurity researcher at Project Zero (Google), who, according to his tests, determined that it affected the South Korean brand’s smartphones since 2014.

Jurczyk explains that when a user receives an image through Samsung’s Messages (MMS) application, the system redirects the image to the Skia graphics library for processing. In the case of the .qmg image format, this could reveal the location of the library within the phone’s memory, and allow a hacker to execute remote code.

Samsung corrected the vulnerability (SVE-2020-16747) in the May update, where it thanks its input to Jurczyk, as well as other researchers who informed the company of other security issues.

K. Tovar

Source: Android4All