Security researcher Mateusz Jurczyk from the Google Project Zero team has discovered a way in which the Skia library’s processing mechanism for Qmage images can be exploited without the user having to do anything.
The vulnerability is being exploited by sending MMS picture messages through Samsung Messages. The process needs to send a group of messages of up to 300 messages and the process may take more than an hour and a half depending on several factors to determine the location of the library.
Samsung acknowledged the existence of the vulnerability and sent its security solution within the monthly security update for May, but there is no confirmation if it will reach all the company’s damaged phones, especially the old ones.
It is noteworthy that the rest of the Android phones did not suffer from this security flaw caused by Samsung’s modification of the operating system to support the Qmage image format.
Source: Technology World