Samsung has just fixed a serious issue with some of its phones and it’s vital that you update your device right now.
Millions of Samsung users could be at risk unless they download the very latest update for their devices. That’s the latest warning from the team at Google’s Threat Analysis Group who say they have spotted a flaw – named CVE-2024-44068 – in some Galaxy phones that could put owners – and their data – at risk.
Although this bug hasn’t been given a dreaded critical rating it’s not something anyone should ignore. If an attack is successful it may give hackers privileges which will allow them to take control of phones and perform tasks remotely.
The bug affects a bunch of devices running Samsung’s own Exynos 9820, 9825, 980, 990, 850, and W920 processors.
Some of these chips are found in hugely popular devices such as the Galaxy S10 which have been sold millions of times across the globe.
“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory stated.
It’s now a good idea to check your device and download the very latest updates from Samsung as these fix any bugs or future attacks.
• To update your phone simply swipe down from the top of the screen, and then tap the Settings icon.
• Swipe to and then tap Software update, or System updates. It will vary between models.
• Tap Download and install, Check for system updates, or Check for software updates.
• If an update is available it should begin downloading automatically, although you may need to tap Download now on some devices
Commenting on this latest bug, Boris Cipot, senior security engineer at Black Duck, said: “Although this vulnerability may not be classified as highly critical, it still poses potential risks that users of affected devices need to be aware of. By exploiting CVE-2024-44068, an attacker can gain elevated access, allowing them to take control of the device and bypass its security measures.
“Once inside, the attacker could run malicious code, steal data, or even spy on the user, depending on their strategy and motivations.
“To protect against this, users should first ensure they have the latest security patches installed. The most recent update, released in October, addresses this vulnerability.”
