Samsung Android multiple 0-click RCEs and other remote access issues in Qmage image codec
- CVE-2020-8899
- SVE-2020-16747
- CVSSv3 10.0
Sources
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://nvd.nist.gov/vuln/detail/CVE-2020-8899
https://security.samsungmobile.com/securityUpdate.smsb
Risks
An unauthenticated attacker can send a specially crafted MMS message to a vulnerable Android phone, triggering a buffer overflow within the Quram image codec that leads to arbitrary remote code execution without the need for user interaction.
Description
A buffer overflow vulnerability is present in the Quram qmg library used within Android OS for the handling of certain images.
This issue makes it possible for an unauthorized attacker to embed a payload within a custom-made MMS message. On vulnerable phones this results in arbitrary remote code execution at the root level without any user interaction. All devices sold starting from 2015 are susceptible to this attack, but an adversary needs to send multiple MMS messages to fully exploit the device.
Recommended Actions
CERT.be recommends installing the latest updates for Samsung devices to resolve this issue and many other vulnerabilities.
As an extra measure, you could consider restricting the processing of MMS messages on your phone, if your need for this service permits. Instructions on how to do this can be found here: