Critical Vulnerability Fixed in May Security Update
Samsung has already released the May security update for its flagship devices such as the Galaxy S20 and Galaxy Fold, even ahead of Google. As it turned out, the rush is justified: the May patch fixes a critical vulnerability that was present on all the company's smartphones released since 2014.
All Samsung smartphones released since 2014 are at risk. Update urgently
This was reported by the authoritative publication ZDNet. The vulnerability, SVE-2020-16747, was discovered by security specialist Mateusz Jurczyk from the Google Project Zero team.
The problem lies in the Qmage image format (.qmg), which is supported by all Samsung smartphones released since 2014, as well as in the way the Android Skia graphics library handles such images when they are sent to the device.
The specialist found an exploit that takes advantage of this behavior. The method does not require any action on the part of the user, since Android passes all images to the Skia library automatically, without notifying the user.
He demonstrated the vulnerability using the Samsung Messages application, which is also present on all Samsung smartphones, by sending repeated MMS messages to the device. The last MMS delivered a Qmage image carrying the payload, which allowed the malicious code to be executed on the device.