The Indian government has issued a critical alert to users of Samsung smartphones across the country, urging them to swiftly update their handsets in response to identified security vulnerabilities. The advisory, issued by the Computer Emergency Response Team of India (CERT-In), highlights a threat to Samsung devices operating on Android versions 11, 12, 13, and 14. These vulnerabilities, if exploited, could allow unauthorised access to sensitive data on these devices.
CERT-In has categorised the risk as high, emphasising that attackers may exploit these vulnerabilities to circumvent security measures, access confidential information, and execute unauthorised code on targeted systems. The identified vulnerabilities pose a potential threat to various components within the Samsung ecosystem.
The detailed analysis by the government's cybersecurity team reveals a range of potential issues, including improper access control in Knox features, integer overflow flaws in facial recognition software, authorisation concerns with the AR Emoji app, mishandling of errors in Knox security software, and multiple memory corruption vulnerabilities in different system components. The vulnerabilities also include incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and the hijacking of specific app interactions in contacts.
In the event that an attacker successfully exploits these vulnerabilities, the consequences could be severe. The official statement outlines potential outcomes, including triggering heap overflow and stack-based buffer overflow, accessing the device SIM PIN, sending broadcasts with elevated privilege, reading sandbox data of AR Emoji,
Read more on tech.hindustantimes.com