New Delhi: Samsung smartphone and Galaxy Watch users have been alerted to a serious security vulnerability actively exploited in real-world attacks, prompting the Indian government to issue a high-severity risk warning. The Indian Computer Emergency Response Team (CERT-In), responsible for handling cybersecurity threats nationwide, has flagged this vulnerability, underscoring the potential risk to millions of Samsung device users across the country.
The vulnerability impacts specific Samsung mobile processors and Galaxy Watch models, allowing hackers to exploit these devices by executing unauthorized code and escalating user privileges. CERT-In’s security note explained, “A vulnerability has been reported in Samsung mobile processor and Wearable processor which could allow an attacker to execute arbitrary code and privilege escalation on the targeted devices.”
The primary cause identified is a “Use-After-Free” flaw within Samsung’s mobile processors. This bug, once exploited, grants attackers elevated privileges on the device, a scenario that could lead to unauthorized access to personal data and device functions. Reports confirm that hackers may have already exploited this issue, targeting users unaware of the security flaw.
Affected Samsung Devices
CERT-In’s alert specifies several Samsung Exynos processors and the Galaxy Watch W920 model as affected by this vulnerability. Devices equipped with these processors are susceptible unless updated with Samsung’s latest security patches. Affected processors include:
- Samsung Exynos 9820
- Samsung Exynos 9825
- Samsung Exynos 980
- Samsung Exynos 990
- Samsung Exynos 850
- Samsung Galaxy Watch Processor W920
Samsung’s Response and Recommendations for Users
Samsung has acknowledged the issue and is working on addressing the vulnerability. The company urges all users of affected devices to immediately install the latest security updates to protect against potential threats. The updates can be accessed through device settings under software updates. Samsung’s support channels are also available for users seeking assistance in applying these patches.
Why Immediate Action Is Crucial
Cybersecurity experts emphasize the need for prompt action, as this vulnerability has reportedly been “exploited in the wild,” meaning hackers are actively targeting Samsung devices to take advantage of this flaw. With attackers potentially already harnessing this vulnerability, users who delay updating their devices remain at heightened risk of data breaches and unauthorized access.
The high-severity alert aims to mitigate the damage by urging users to update their devices as soon as possible. To check if your Samsung device has pending updates, navigate to Settings > Software Update > Download and Install and apply any available updates immediately.
