Using a Samsung phone ? Chances are you 0wnedFrom: anonNewsgroups:
Thu, 7 May 2020 14:17 UTC
View all headers
Today I'm happy to release new research I've been working on for a while: 0-click RCE via MMS in all modern Samsung phones (released 2015+), due to numerous bugs in a little-known custom "Qmage" image codec supported by Skia on Samsung devices. Demo: youtube.com/watch?v=nke8Z3…
Fixes for these bugs started rolling out with the May update, and Samsung officially addressed them as SVE-2020-16747 (security.samsungmobile.com/securityUpdate…). For now, we have assigned CVE-2020-8899 collectively to all 5218 unique crashes we reported.
Posted on def4