Google found in the Galaxy S6 Edge 11 vulnerabilities – PC Week / RE

Google found a serious vulnerability in the code of Samsung’s Galaxy S6 Edge. Recall that Google is not completely control Android. Company under license enables partners to make changes in the code of the system and add your own modules. This could potentially cause problems for one of the smartphones Samsung. The publication Apple Insider reports that just a week exploring additional code, which Samsung has written for its flagship smartphone Galaxy S6 Edge, Google specialists were able to find 11 “holes” in the security system. They can easily be exploited to gain remote access to the correspondence, photographs and contact the owner of the device.

In particular, the report states that the process, extract the ZIP-files for a direct link from the Internet, works with system privileges. This opens opportunities for attacks. Another dangerous mistake was found in the code in the email application that allows third-party applications to hack mail and forward emails to other accounts. A buffer overflow in the three processes of Samsung could be used for all system privileges and full control over the device.

The other five vulnerabilities are related to the image processing system: two of them are allowed to obtain elevated privileges when you open an image in the gallery Samsung and three fires when the image is loaded.

At Google testing Android devices by a team Project Zero. She looks for vulnerabilities in the code that manufacturers add to the OS Android. In particular, experts are trying to crack the smartphone remotely without user intervention, and through application that does not require a system of permits.

After the release of this article, we have received an official comment Samsung Electronics:

 - Strengthening the trust of our customers is a top priority for the Samsung. That is why in October last year, we launched a program of monthly automatic update Samsung Security Update. Previously, Google has told us about bugs or vulnerabilities – eight of them, the most critical, we have already corrected in the company laden with 90 days term. The remaining vulnerabilities are corrected by the November update of Samsung Security Update, which will be released in the next few weeks. Samsung recommends users to constantly update the installed applications and software.