We are thrilled to announce another remarkable milestone in our ongoing commitment to mobile security: the discovery of our 230th CVE, which Samsung Mobile has officially published.
The discovery
Ryan Johnson, Principal R&D engineer at Quokka, identified a critical vulnerability within Samsung Mobile’s software, which was recognized as SVE-2024-1200 (CVE-2024-34618). This vulnerability involves improper access control in the System property of Android versions 12, 13, and 14. It allowed local attackers to access sensitive cell-related information, posing a potential risk to user privacy.
Reported on May 27, 2024, and privately disclosed, this vulnerability has been categorized with a moderate severity level. In collaboration with Samsung Mobile, we have ensured that a patch has been implemented in the SMR Aug-2024 Release 1, effectively removing unused code to safeguard user information.
230th CVE an important milestone
Publishing CVEs is crucial in the cybersecurity landscape, as it helps standardize identifying and communicating vulnerabilities. Our 230th CVE highlights our ongoing dedication to advancing mobile security and reflects the collaborative efforts necessary to protect users, enterprises, and government agencies from evolving threats.
Leaders in zero-day discovery
With 230 CVEs published to date, we continue to demonstrate leadership in identifying and addressing vulnerabilities before adversaries exploit them. This milestone reflects our unwavering commitment to advancing mobile security and protecting users worldwide.
Stay Informed on the latest threats
Our research extends beyond individual vulnerabilities to broader privacy concerns in the mobile ecosystem. For more details on this CVE, along with additional findings, catch Ryan’s talk, “Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?” at DEF CON 32 in Las Vegas. Together, we can make the mobile world a safer place for everyone.
