According to media reports, Samsung has released its monthly security updates, and Samsung smartphones sold since the end of 2014 have a "perfect 10" critical security vulnerability that allows arbitrary remote code execution once exploited.
According to reports, Samsung added support for the Qmage image format (.qmg) to all its mobile phones at the end of 2014, and Samsung's customized Android system has vulnerabilities in handling Qmage.
Mateusz Jurczyk, a security researcher at Google's Project Zero, discovered a way to exploit how Skia (Android's graphics library) processes Qmage images sent to the device.
Jurczyk said the Qmage bug can be exploited with zero clicks, without user action, by repeatedly sending MMS messages to a Samsung device. Each message attempts to guess where the Skia library is located in the Android phone's memory, which is necessary to bypass Android's ASLR (Address Space Layout Randomization) protection.
The attacker typically takes around 100 minutes to send 50 to 300 MMS messages to probe and bypass ASLR. Once the Skia library is located in memory, the last MMS message delivers the actual Qmage payload, which then executes the attacker's code on the device.
While this attack may seem intensive, it can also be modified to execute without alerting the user. Samsung fixed this in a May security update.