Summary: A high-severity security flaw in the Monkey’s Audio (APE) decoder on Samsung smartphones could allow remote code execution without user interaction. The vulnerability, tracked as CVE-2024-49415, was patched in the December 2024 security updates for affected devices running Android versions 12, 13, and 14.
Threat Actor: Remote attackers
Victim: Samsung smartphone users
Key Points:
- The vulnerability allows for arbitrary code execution via specially crafted audio messages sent through Google Messages.
- It affects devices with RCS enabled, particularly Galaxy S23 and S24 models.
- The flaw was discovered by Google Project Zero researcher Natalie Silvanovich and requires no user interaction to exploit.
- Samsung’s patch also addresses another vulnerability in SmartSwitch that could allow local attackers to install malicious applications.
Source: https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html