Samsung patches zero-day security flaw used to hack into its customers’ phones

Samsung says it has fixed a zero-day information vulnerability that is being utilized to hack into its customers’ phones. 

The telephone shaper said the information flaw, discovered successful a bundle room for displaying images connected Samsung devices, allows hackers to remotely works malicious codification connected Samsung devices moving Android 13 done the astir caller version, Android 16. 

Samsung’s advisory said information teams from Meta and WhatsApp privately notified the institution connected August 13 and was told that “an exploit for this contented has existed successful the wild.” 

Samsung did not supply a database of devices affected by the vulnerability.

The bug is known arsenic a zero-day due to the fact that the vendor, successful this lawsuit Samsung, was fixed nary clip to hole the bug earlier it was exploited. 

It’s not instantly wide who is down the hacking run oregon however galore Samsung customers are affected, and a spokesperson for Samsung did not respond to a petition for remark sent anterior to publication.

But the information fixes coincide with a flurry of information updates from different telephone bundle vendors aimed astatine countering an ongoing spyware campaign. 

Samsung’s information patches travel separate information fixes issued by Apple and WhatsApp successful August, fixing vulnerabilities that information researchers accidental were utilized to people some iPhone owners and Android users.

WhatsApp told TechCrunch astatine the clip that the messaging app shaper sent less than 200 notifications to affected users whose phones were targeted oregon compromised by the campaign. 

For its part, Apple has not commented connected the vulnerabilities it patched, but to say that the flaw was utilized successful an “extremely blase onslaught against circumstantial targeted individuals.”

Apple periodically notifies caller victims of imaginable spyware attacks, and asks them to question assistance from Access Now’s integer information lab. The tech elephantine astir precocious connected September 3 notified an unspecified fig of its customers that their phones were targeted arsenic portion of a spyware campaign, according to the French government.