21 critical vulnerabilities affect millions of Samsung smartphones. Patches now available

Another day and another security issue affecting mobile devices. Information security experts from tech company Samsung have confirmed the presence of some security vulnerabilities affecting users of multiple smartphones, including the following models

  • Galaxy S8, S9, S10, S10e, S10 Plus, S10 5G, Note 10 and Note 10 Plus

In total, 21 flaws were discovered, one of which is considered critical; 3 are of high severity, while the rest are considered moderate severity. Of the 21 vulnerabilities, 17 are related to Samsung One user interface, while the remaining four reside on the Android operating system.

According to information security specialists, the critical vulnerability, tracked as CVE-2019-2215, resides in the Android operating system and, if exploited, would allow a threat actor to gain control of the compromised device through a malicious app or through physical access to the smartphone. Patches to fix this flaw, and all other vulnerabilities on Android, began to be implemented a couple of days ago. The company and experts recommend that users update as soon as possible.

Among the vulnerabilities in Samsung is SVE-2019-15435, which affects Galaxy S9 and Note S9 devices. For now, no major details are known about these errors, as they were informed to the company confidentially, to mitigate the risk of exploitation until the patches were ready.

Company figures indicate that there are about 30 million users of Samsung Galaxy 9 devices and another 10 million users of Note 9, so the vulnerability could affect up to 40 million users, mentioned information security specialists.

Because no technical details have been released about these vulnerabilities, it is difficult to depict a potential attack scenario. All Samsung has revealed about it is that it is necessary to improve IMEI security mechanisms to prevent the exploitation of this flaw. This information suggests that the vulnerability could be related to a way to avoid IMEI blacklisting, which prevents stolen equipment from being illegally reactivated and sold again.

Although implementing this set of updates might cause some performance issues on your computer (something similar to each new Microsoft update), the International Institute of Cyber Security (IICS) information security specialists recommend updating as soon as possible, otherwise the device remains exposed to multiple security risks: “When vulnerabilities are revealed it begins a race against time for hackers, which they will try to develop an exploit as soon as possible to engage unsuspecting users,” the specialists say.