If you own a Galaxy smartphone you’d be wise to check the settings immediately. Samsung has just pushed out an urgent security patch which mends a number of issues including one – named CVE-2024-44068 – that could allow hackers access to devices. The bug, which was spotted by Google’s Threat Analysis Group, is worrying as – if successful – cyber crooks could steal personal data and take control of devices remotely.
It’s been confirmed that affected devices are all running Samsung’s Exynos chips – if you have a Qualcomm Snapdragon device you should be safe.
You can check online to see what chip is powering your device but the Galaxy S10 is just one of the smartphones that appears to be hit by the problems.
“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory stated.
It’s now a very good idea to check your device and download the very latest October security updates from Samsung as these will fix any bugs or future attacks that could be about to take place.
Not sure how to update your Samsung phone? Here’s the easiest way to install the latest patches.
• Simply swipe down from the top of the screen, and then tap the Settings icon.
• Then you should see Software update, or System updates. It will vary between models.
• Next, you need to tap Download and install, Check for system updates, or Check for software updates.
• If there’s one pending you should download it and follow the on-screen instructions to install.
Commenting on this latest bug, Boris Cipot, senior security engineer at Black Duck, said: “Although this vulnerability may not be classified as highly critical, it still poses potential risks that users of affected devices need to be aware of. By exploiting CVE-2024-44068, an attacker can gain elevated access, allowing them to take control of the device and bypass its security measures.
“Once inside, the attacker could run malicious code, steal data, or even spy on the user, depending on their strategy and motivations.
“To protect against this, users should first ensure they have the latest security patches installed. The most recent update, released in October, addresses this vulnerability.”