According to Google’s Project Zero security team, several phone makers have tinkered with the software to form their devices safer – however, within the process, they have actually ended up making the phones susceptible to serious security bugs.
This includes Samsung, whose tinkering with the Android Linux kernel has resulted in exposing the company’s devices to a variety of threats.
Google’s Jann Horn revealed that while making these changes, Samsung added custom drivers, thus creating direct access to the kernel.
While this was meant to reinforce security on the device, it created a memory corruption bug.
Samsung described the bug as a moderate issue consisting of use-after-free and double-free vulnerabilities on devices running Android 9 Pie and Android 10 and affected the company’s PROCA (Process Authenticator) security subsystem.
This bug was patched with an update within the recent February update by the corporate, he mentioned that the engineering resources could’ve been better utilized had it ensured that a hacker doesn’t even reach now.
