This article discusses CVE-2024-49415, a severe vulnerability affecting the Samsung Galaxy S23 and S24 series. It reveals an out-of-bounds write vulnerability in the Monkey's Audio (APE) decoder, libsaped.so, which could allow remote code execution via malicious APE files sent through messaging services. Users are strongly urged to apply security updates and disable RCS features.
Affected: Samsung Galaxy S23, Samsung Galaxy S24, Android 12, Android 13, Android 14
Keypoints:
- CVE-2024-49415 is a vulnerability specific to Samsung Galaxy S23 and S24.
- The vulnerability allows for Zero-Click Remote Code Execution (RCE) through a heap buffer overflow.
- Affected systems include those running Android 12, 13, and 14.
- The vulnerability exists in the function saped_rec of the libsaped.so library.
- A security update has been released to mitigate this vulnerability.
- Attackers can exploit this issue by sending a crafted APE file via messaging apps.
- The issue can lead to memory manipulation, arbitrary code execution, and potential data leakage.
- Users are advised to disable RCS features immediately and ensure they install updates.
MITRE Techniques:
- TAO-008 (Remote Code Execution): Exploitation of the vulnerability by sending malicious APE files through messaging services without user interaction.
- TAO-015 (Heap Overflow): Out-of-Bounds Write in the saped_rec function, leading to writing beyond the allocated buffer.
Indicators of Compromise:
- [Domain] samsung.com
- [File] libsaped.so
- [Vulnerability ID] CVE-2024-49415
- [Device Model] Samsung Galaxy S23
- [Device Model] Samsung Galaxy S24
Full Story: https://wezard4u.tistory.com/429395