Security News > 2025 > January > Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
2025-01-10 15:39
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
News URL
https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html
Related news
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit (source)
- Google fixes high severity Chrome flaw with public exploit (source)
- Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations (source)
- Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-03 | CVE-2024-49415 | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | 9.8 |