Samsung patches 0-click vulnerability impacting all smartphones sold since 2014
Samsung released an update this week that patches a 0-click vulnerability that impacts all phones sold by the vendor since 2014. Google’s Project Zero bug-hunting team discovered the flaw, which lies in how the Android OS running on Samsung phones handles Qmage image format that is custom-made and supported on all devices since 2014.
Mateusz Jurczyk, a security researcher with Project Zero, reportedly discovered a way to exploit how the Android graphics library (Skia) manages Qmage images sent to a device, stating that the bug can be exploited in a zero-click scenario. This means that the vulnerability can be exploited without user interaction, and is a result of Andriod redirecting images sent to a device to the Skia library for processing.