Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

Teilen:

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey’s Audio (APE) decoder on Samsung smartphones that could lead to code execution.

The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14.

“Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in an advisory for the flaw released in December 2024 as part of its monthly security updates. “The patch adds proper input validation.”

Google Project Zero researcher Natalie Silvanovich, who discovered and reported the shortcoming, described it as requiring no user interaction to trigger (i.e., zero-click) and a “fun new attack surface” under specific conditions.

Particularly, this works if Google Messages is configured for rich communication services (RCS), the default configuration on Galaxy S23 and S24 phones, as the transcription service locally decodes incoming audio before a user interacts with the message for transcription purposes.

“The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000,” Silvanovich explained.

“While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write up to 3 * blocksperframe bytes out, if the bytes per sample of the input is 24. This means that an APE file with a large blocksperframe size can substantially overflow this buffer.”

In a hypothetical attack scenario, an attacker could send a specially crafted audio message via Google Messages to any target device that has RCS enabled, causing its media codec process (“samsung.software.media.c2”) to crash.

Samsung’s December 2024 patch also addresses another high-severity vulnerability in SmartSwitch (CVE-2024-49413, CVSS score: 7.1) that could allow local attackers to install malicious applications by taking advantage of improper verification of cryptographic signature.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
1:07 Uhr, März 27, 2025
Wetter-Symbol 7°C
L: 6° | H: 8°
wenige Wolken
Luftfeuchtigkeit: 84 %
Druck: 1024 mb
Wind: 5 mph SSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 19%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 5:46 am
Sonnenuntergang: 6:24 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
6° | 8°°C 0 mm 0% 9 mph 90 % 1024 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
7° | 12°°C 1 mm 100% 13 mph 93 % 1015 mb 0 mm/h
Sa. März 29 9:00 pm
Wetter-Symbol
4° | 12°°C 0 mm 0% 9 mph 78 % 1023 mb 0 mm/h
So. März 30 9:00 pm
Wetter-Symbol
7° | 17°°C 0 mm 0% 10 mph 82 % 1024 mb 0 mm/h
Mo. März 31 9:00 pm
Wetter-Symbol
8° | 15°°C 0 mm 0% 8 mph 86 % 1028 mb 0 mm/h
Today 3:00 am
Wetter-Symbol
8° | 9°°C 0 mm 0% 4 mph 87 % 1024 mb 0 mm/h
Today 6:00 am
Wetter-Symbol
8° | 8°°C 0 mm 0% 4 mph 90 % 1023 mb 0 mm/h
Today 9:00 am
Wetter-Symbol
11° | 11°°C 0 mm 0% 6 mph 69 % 1023 mb 0 mm/h
Today 12:00 pm
Wetter-Symbol
16° | 16°°C 0 mm 0% 7 mph 51 % 1021 mb 0 mm/h
Today 3:00 pm
Wetter-Symbol
17° | 17°°C 0 mm 0% 9 mph 47 % 1018 mb 0 mm/h
Today 6:00 pm
Wetter-Symbol
15° | 15°°C 0 mm 0% 7 mph 60 % 1017 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
12° | 12°°C 0 mm 0% 6 mph 78 % 1017 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
10° | 10°°C 0 mm 0% 7 mph 82 % 1015 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€81,401.79
-0.24%
Ethereum(ETH)
€1,882.35
-2.32%
Fesseln(USDT)
€0.93
-0.01%
XRP(XRP)
€2.21
-3.45%
Solana(SOL)
€128.67
-4.06%
USDC(USDC)
€0.93
0.01%
Dogecoin(DOGE)
€0.182652
1.48%
Shiba Inu(SHIB)
€0.000013
2.34%
Pepe(PEPE)
€0.000008
7.32%
Peanut das Eichhörnchen(PNUT)
€0.214428
7.85%
Nach oben scrollen