Two critical vulnerabilities in Samsung Galaxy S21 smartphones

Two vulnerabilities have been reported in Samsung Galaxy S21 devices. Successful exploitation would allow threat actors to carry out a range of attacks on the compromised devices.

Below are brief descriptions of the reported flaws, together with their scores under the Common Vulnerability Scoring System (CVSS). It is worth noting that, at the time of the report, neither flaw had been assigned a CVE identifier.

No CVE identifier: Improper sanitization of user-supplied data in the Galaxy Store app would allow threat actors to craft a seemingly legitimate link that redirects users to an arbitrary domain, from which a remote code execution (RCE) attack could be staged.

This is a high-severity vulnerability with a CVSS score of 7.7/10.
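The first flaw is an open-redirect pattern: a link built from user-supplied data is followed without checking where it actually points. The example below is added here to illustrate that bug class and one way to close it; it is not Galaxy Store code and is not taken from the report. It is written in Python so it runs stand-alone, but the same checks apply in an Android app's own language. The allowlisted hosts (`store.example.com`, `apps.example.com`), the function names, and the sample links are assumptions constructed for illustration.

```python
"""Open-redirect validation: a naive substring check (the vulnerable pattern)
beside a parse-and-allowlist check (the hardened form).
Added example, not Samsung's code; hosts and names below are assumptions."""
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allowlist of destinations the app may follow a link to.
ALLOWED_HOSTS = {"store.example.com", "apps.example.com"}
ALLOWED_SCHEMES = {"https"}


def redirect_target_vulnerable(url: str) -> str:
    """Naive check: accepts any link that merely mentions the trusted domain.
    Bypassed by 'https://store.example.com.evil.test/',
    'https://store.example.com@evil.test/' and
    'https://evil.test/?next=store.example.com'."""
    if "store.example.com" in url:
        return url
    raise ValueError("untrusted link")


def redirect_target_hardened(url: str) -> str:
    """Parse the link and accept it only if its scheme and exact host are
    allowlisted; return a normalized URL with any userinfo stripped."""
    parts = urlsplit(url.strip())
    # Rejects scheme-relative ('//evil.test'), javascript:, intent:, file: ...
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    # Some parsers treat '\' as '/'; refuse ambiguous authorities outright.
    if "\\" in parts.netloc:
        raise ValueError("backslash in authority")
    host = parts.hostname  # lowercased; userinfo and port already removed
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    # Rebuild the authority ourselves so 'user:pw@' cannot reappear downstream.
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme.lower(), netloc,
                       parts.path or "/", parts.query, parts.fragment))


def is_safe_redirect(url: str) -> bool:
    """Boolean wrapper around the hardened check."""
    try:
        redirect_target_hardened(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample links, not real attack traffic.
    samples = [
        "https://store.example.com/app?id=1",
        "https://store.example.com.evil.test/",
        "https://store.example.com@evil.test/",
        "//store.example.com/x",
        "javascript:alert(1)//store.example.com",
        "https://evil.test/?next=store.example.com",
    ]
    for link in samples:
        naive = "follows" if "store.example.com" in link else "blocks"
        print(f"{link:48} naive={naive:8} hardened={'follows' if is_safe_redirect(link) else 'blocks'}")
```

Note that the hardened check compares the parsed hostname against the allowlist exactly rather than testing for a substring or a suffix, which is what defeats look-alike domains, userinfo tricks and query-string decoys; scheme-relative and non-HTTPS links are refused before the host is even inspected.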

No CVE identifier: Improper error handling when accessing trusted URLs would allow malicious actors on the local network to trick users into visiting malicious websites or opening specially crafted files, leading to an RCE scenario on the affected devices.

According to the report, the flaws affect all versions of the Samsung Galaxy S21 software, making this a widespread problem.

Although the vulnerabilities can be exploited by unauthenticated remote attackers, no active exploitation attempts have been detected so far. Still, users of affected devices are encouraged to apply the available updates as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.