Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
Summary
A high-severity use-after-free vulnerability, present for eight years in Samsung's KNOX security framework, exposed millions of Android-powered Galaxy devices (from S9 through S25) to potential kernel attacks. This flaw could have allowed an attacker to execute arbitrary code with kernel privileges on affected devices.
IFF Assessment
An eight-year-old, high-severity vulnerability in a core security framework left millions of Samsung Galaxy devices susceptible to kernel attacks, a significant risk for defenders.
Severity
The vulnerability is a high-severity use-after-free in a critical security framework (KNOX) that could lead to kernel attacks. Exploitation implies complete compromise of the device (high impact), with potentially high exploitability for arbitrary code execution at the kernel level.
Defender Context
Defenders should prioritize ensuring all Samsung Galaxy devices from S9 to S25 under their management are promptly patched with the latest security updates addressing this KNOX vulnerability. This incident highlights the critical importance of timely patching for foundational device security frameworks and the potential for long-standing vulnerabilities to remain undiscovered or unaddressed.