Threat Watch

CVE-2022-22292 Used to Compromise Android 9,10,11, and 12 devices

Researchers from Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, located within Android devices. The vulnerability resides in a pre-installed app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction. This could give an attacker the ability to initiate a factory reset, make phone calls, install/uninstall apps, and weaken security controls. This has been rated as a high severity vulnerability and was reported to Samsung.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Samsung addressed this vulnerability in a patch released in February. Mobile applications are becoming a major target for threat actors due to the sensitive nature of the information that they may hold. It is important that all mobile users only download applications from trusted app stores. Users should also stay up to date on security patches and ensure they have an anti-virus software running to protect their devices.

https://securityaffairs.co/wordpress/129942/hacking/cve-2022-22292-hack-samsung-android-devices.html?web_view=true

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support