Security News > 2020 > May > Samsung Patches Critical 0-Click Vulnerability in Smartphones

Samsung this week released its May 2020 set of security updates for Android smartphones, which includes a patch for a critical vulnerability impacting all of its devices since 2014.
In addition to the fixes in the Android Security Bulletin - May 2020, the phone maker's updates patch 19 vulnerabilities specific to Samsung smartphones.
Samsung says it addressed the bug with proper validation, but does not provide further details on the vulnerability.
The bug appears to affect all Samsung smartphones released since 2014, when the company added support for the custom Qmage image format that was designed by Korean third-party company Quramsoft.
The researcher exploited the bug on a Samsung smartphone running Android 10, with the default Samsung Messages app set as the SMS/MMS handler.
News URL
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)