Kryptowire, a mobile cybersecurity company, discovered a vulnerability tracked as CVE-2022-22292 in Android 9, 10, 11, and 12 devices.

The CVE-2022-22292 vulnerability was discovered using Kryptowire Mobile Application Security Testing (MAST) on November 27, 2021.

The vulnerability has been rated as high severity, and the company addressed the issue in February with a release under its Security Maintenance Release process.

If you haven’t updated your phone yet, it's time to do it!

The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component that permits local apps to conduct privileged operations without user interaction.

A remote attacker can trigger the vulnerability to push a factory reset (i.e., deleting all user data), install/uninstall apps, make phone calls (including emergency numbers such as 911), and weaken HTTPS security through unverified certificates.

It can even go as far as factory resetting the phone without the end user's permission.

“Ever think someone else has access to your phone? Unfortunately, you may be right,” reported Alex Lisle, CTO of Kryptowire. Mobile applications are becoming the primary personal and professional activity point, representing an increasingly attractive target for bad actors.
