If you own an older Galaxy smartphone, it’s good to keep an eye out for software updates, as Samsung, which should soon launch a competitor for the Apple Card, has just released a critical update to fix a security breach that affects models launched since 2014.
The package includes 9 fixes for serious Android vulnerabilities – including a critical flaw – and also resolves some bugs in the system.
Regarding the flaw mentioned above, it was discovered in February by Google’s Project Zero research team, and allows malicious users to exploit the imperfections of the Qmage (.qmg) format, which is owned by the South Korean company.
It is used in Themes for interface customization, offered by Samsung in its Galaxy Apps store, and its flaw allows hackers to exploit the Android graphics library (Skia) without authorization.
This is due to the fact that Android redirects all images sent to a device directly to Skia for them to be processed (without the need for permissions by the user).
The vulnerability was reported to Samsung as early as February, but only now – after three months – has the company managed to fix it.
Old models still waiting for correction
Unfortunately not all affected phones have been updated yet; at the time of writing this article, only the Galaxy S20, Galaxy Note 10, Galaxy S10 models as well as the Galaxy A50, Galaxy Fold and Galaxy Z Flip have received the corrections.
That is, older devices are still vulnerable to these attacks, and it is up to Samsung and its software development team to resolve the problem.
Let’s hope that in the coming months the company will commit to delivering the necessary security fixes to all affected devices.