Govt issues warning for Samsung Galaxy phone users, advises urgent update

Updated on: 16 December, 2023 02:24 PM IST | New Delhi
The Centre’s nodal agency for cyber security, Indian Computer Emergency Response Team (CERT-In), has issued a high-risk warning for Samsung smartphones.

The Centre has issued a new advisory for all Samsung Galaxy mobile phone users. The Union government has asked them to update their phones immediately to protect themselves from cyber attacks and hacking.



The Indian Computer Emergency Response Team (CERT-In) issued the high-risk security advisory on December 13, highlighting several security impacts on millions of Samsung Galaxy phones, including both newer and older models.


The category of concern for Samsung phones is "high-risk", according to the advisory, and owners of these phones need to update their firmware or OS at the earliest.

CERT-In classified the vulnerabilities as high-risk and stressed the urgent need for Samsung users to upgrade their phones' operating systems. Samsung Mobile Android versions 11, 12, 13, and 14 are vulnerable to such attacks, the report said.

"Multiple vulnerabilities have been reported in Samsung products that could allow an attacker to bypass implemented security restrictions, access sensitive information, and execute arbitrary code on the targeted system," CERT-In said.

"These vulnerabilities exist due to improper access control flaw in Knox Custom Manager Service and Smart Manager CN component, integer overflow vulnerability in face preprocessing library; improper authorisation verification vulnerability in AR emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaCa and libsavsac.so components, improper size check vulnerability in softsimd, improper input validation vulnerability in Smart-Clip and implicit intent hijacking vulnerability in contacts," read the detailed statement.

The exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system, the agency said.

Meanwhile, Samsung Mobile has announced the rollout of a maintenance release as part of its December 2023 security update.

“Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung,” said the South Korean smartphone major on its website.

(With inputs from Agencies)

