Samsung has recently begun the process of distributing the latest May security patches on its flagship devices. The Samsung Galaxy S20 has received the latest patch even before its official introduction by Google.
Now the official log of changes regarding the latest software update has finally appeared on the network. The latest security patch eliminates 9 critical vulnerabilities detected in Android and 19 vulnerabilities found in Samsung proprietary software. One of these 19 vulnerabilities is a critical bug that has been present in all Galaxy smartphones since 2014. This means that even old smartphones such as Galaxy S5 or Galaxy Note 4 are struggling with the problem.
Samsung: a security flaw has allowed hacking Galaxy phones since 2014
The security flaw took advantage of the fact that Samsung in its custom version of the Android operating system supports files in Qmage (.qmg) format. This file format was developed by the South Korean company Quramsoft. All Samsung Galaxy smartphones support .qmg files since the end of 2014. Interestingly, the implementation did not avoid a serious gap. Qmage files in Galaxy smartphones are in use to support Samsung Themes.
The Google Project Zero research team has discovered a vulnerability that allows exploiting the imperfections of Qmage implementation on Samsung smartphones. Using the zero-click vulnerability, it is possible to gain access to one of the libraries of the Android operating system (Skia).
Accessing operating system files is done by sending MMS messages. To get to the libraries of the Android operating system on Galaxy devices you need from 50 to even 300 MMS messages. Of course, the messages use .qmg files.
Samsung has officially fixed the bug known for almost 6 years with the introduction of security patches in May. Currently, the latest patch has arrived for smartphones such as Samsung Galaxy S20, Galaxy Z Flip, Galaxy Fold, Galaxy Note 10, Galaxy S10 and Galaxy A50.
To check for software updates, go to Settings> Software Update> Download and install.