Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

"355/113 -- Not the famous irrational number PI, but an incredible simulation!"


rocksolid / Security / Using a Samsung phone ? Chances are you 0wned

SubjectAuthor
o Using a Samsung phone ? Chances are you 0wnedanon

1
Subject: Using a Samsung phone ? Chances are you 0wned
From: anon
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Thu, 7 May 2020 14:17 UTC
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <ad7fe7bd4931d59ec8b25a688183db70@def4>
Subject: Using a Samsung phone ? Chances are you 0wned
Date: Thu, 07 May 2020 14:17:17+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
View all headers

https://mobile.twitter.com/j00ru/status/1258066559765004295


Today I'm happy to release new research I've been working on for a while: 0-click RCE via MMS in all modern Samsung phones (released 2015+), due to numerous bugs in a little-known custom "Qmage" image codec supported by Skia on Samsung devices. Demo: youtube.com/watch?v=nke8Z3…

Fixes for these bugs started rolling out with the May update, and Samsung officially addressed them as SVE-2020-16747 (security.samsungmobile.com/securityUpdate…). For now, we have assigned CVE-2020-8899 collectively to all 5218 unique crashes we reported.


Posted on def4


1
rocksolid light 0.7.2
clearneti2ptor