Samsung makes some of the best smartphones, but that means when there's a security vulnerability, there's a greater chance that a large number of people will be affected.
If you have a Samsung smartphone or tablet, better make sure it's on the latest version. Kryptowire today announced that it had discovered a serious security vulnerability in Samsung devices that could allow hackers to gain virtual control over the entire device.
Fortunately, the issue was discovered and patched by Samsung in February, but if you have a Samsung phone, you should make sure it's fully up to date.
Which Samsung phones were affected?
Samsung devices that had the native Phone app, and running Android versions 9 through 12 were affected. The vulnerability allowed untrusted apps to hijack phones and any other Android systems, gaining unauthorized access to privileged data capabilities.
What was the vulnerability?
Kryptowire discovered the vulnerability in the pre-installed Phone app, which had an insecure component that allowed local apps to perform privileged operations without user authorization. For example, the vulnerability could let hackers factory reset the phone, make phone calls, install and uninstall apps, install root certificates, and more.
When did Samsung know, and when was it fixed?
According to Kryptowire, the CVE-2022-22292 vulnerability was disclosed to Samsung on November 27, 2021 and given a “High” severity rating by Samsung. Samsung patched the vulnerability in February 2022 as part of its ongoing Security Maintenance Release (SMR) process.
How to make sure your Samsung phone is up to date
To ensure your smartphone is running the latest version of Android, go to the Settings menu, then scroll down Software update at the bottom of the menu. Tap Download and install, then your phone will check for an update. It'll tell you if your device is up to date.