The Indian government says Samsung users should update their phones now because of security vulnerabilities. The warning comes from CERT-In, which says these flaws may let attackers bypass security restrictions, access sensitive information, and take control of affected systems.
CERT-In describes multiple vulnerabilities in Samsung products in Vulnerability Note CIVN-2023-0360. The Indian Computer Emergency Response Team (CERT-In) noted that the affected software includes Samsung Mobile Android versions 11, 12, 13, and 14. The government suggests downloading apps only from the Google Play Store and avoiding third-party downloads and installations. It also advises users to install the latest official updates from Samsung.
CERT-In pointed out that these issues stem from improper access control in KnoxCustomManagerService and SmartManagerCN, an overflow flaw in the face pre-processing library, wrong authorization checks in AR Emoji, poor exception handling in Knox Guard, writing errors in the bootloader, issues with HDCP in HAL libIfaaCa and libsavsac.so components, size check problems in softsimd, validation errors in Smart-Clip, and a vulnerability in contacts allowing implicit intent hijacking.
An attacker who exploits these weaknesses could cause a memory overflow on the device, access the SIM PIN, send privileged broadcasts, read AR Emoji's data, get past Knox Guard by changing the system time, and gain access to files and sensitive information. They could also execute code and compromise the target system.