
Mobile security company Kryptowire has discovered that some Samsung phones may be vulnerable to a bug labeled CVE-2022-22292. The bug can give malicious third-party applications a very dangerous level of control. More precisely, it applies to some Galaxy smartphones running Android 9 to 12.

The vulnerability was found in various Samsung phones, including flagships from past years such as the Galaxy S21 Ultra and Galaxy S10+, but also, for example, in the mid-range Galaxy A10e. It sat in the pre-installed Phone app and could grant system user permissions and capabilities to a third-party app without the user's knowledge. The root cause was incorrect access control in the Phone app, and the issue was specific to Samsung devices.

The vulnerability could allow an unauthorized application to perform various actions, such as installing or uninstalling arbitrary applications, resetting the device to factory settings, calling arbitrary numbers, or weakening HTTPS security by installing its own root certificate. Samsung was informed about it at the end of last year and subsequently rated it as highly dangerous. It fixed the issue a few months later, specifically in the February security update. So if you have a Galaxy phone with Android 9 or above, which is most likely the case anyway, make sure you have the update installed.
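
One way to check whether a device or a device inventory already has that update, as an added example that is not from Kryptowire or Samsung: the script classifies a device from its manufacturer, Android release and security patch level. The cut-off `2022-02-01` is an assumption (the article names only the February update; the year is inferred from the CVE number), and the function names and inventory rows are constructed for illustration.

```shell
# Added example: classify a device against CVE-2022-22292 from three Android
# system properties. FIXED_LEVEL is an assumption: the article says only
# "February security update"; the year 2022 is inferred from the CVE number.
FIXED_LEVEL=20220201

# classify MANUFACTURER ANDROID_RELEASE SECURITY_PATCH
# Prints one of: VULNERABLE, PATCHED, NOT_AFFECTED, UNKNOWN
classify() {
    maker=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    major=${2%%.*}                      # "8.1.0" -> "8"
    patch=$3

    # Only Samsung devices are in scope according to the article.
    [ "$maker" = "samsung" ] || { echo NOT_AFFECTED; return 0; }

    # Affected range given in the article: Android 9 to 12.
    case $major in
        ''|*[!0-9]*) echo UNKNOWN; return 0 ;;
    esac
    if [ "$major" -lt 9 ] || [ "$major" -gt 12 ]; then
        echo NOT_AFFECTED; return 0
    fi

    # The patch level must look like YYYY-MM-DD before it is compared.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    level=$(printf '%s' "$patch" | tr -d '-')
    if [ "$level" -lt "$FIXED_LEVEL" ]; then echo VULNERABLE; else echo PATCHED; fi
}

# Read the three properties from one attached device over adb.
check_device() {
    classify "$(adb shell getprop ro.product.manufacturer | tr -d '\r')" \
             "$(adb shell getprop ro.build.version.release | tr -d '\r')" \
             "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
}

# Constructed sample inventory: manufacturer,release,patch level
while IFS=, read -r m r p; do
    printf '%-8s Android %-6s %-10s %s\n' "$m" "$r" "$p" "$(classify "$m" "$r" "$p")"
done <<'EOF'
samsung,11,2021-12-01
samsung,12,2022-02-01
Google,12,2021-11-05
samsung,8.1.0,2020-03-01
EOF
```

`check_device` needs `adb` and USB debugging enabled on the phone; on the device itself the same patch level is shown in the settings under the software information.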
