Samsung S24 Devices Face Critical Audio Decoder Vulnerability
/ 1 min read
🎶🔒 Critical vulnerability discovered in Samsung S24’s audio decoder. A report by Google’s Project Zero researcher Natalie Silvanovich has identified a serious flaw in the Monkey’s Audio (APE) decoder of the Samsung S24 smartphone, tracked as CVE-2024-49415, with a CVSS score of 8.1. This vulnerability allows remote attackers to execute arbitrary code via a specially crafted APE audio file, exploiting an out-of-bounds write issue in the libsaped.so library. Notably, this zero-click exploit can occur without user interaction if the device is set up for Rich Communication Services (RCS). Samsung has released a security update in December 2024 to address this issue, and users are advised to install the latest updates to safeguard their devices.
