WWW.FORBES.COM
Google Confirms Samsung S24, S23 Attack Warning: Check Your Galaxy Phone Now
Exciting times for Galaxy flagship owners, with the excellent Android 15 upgrade due to be released in just a few weeks, alongside the launch of the new S25. The new OS brings a raft of security and privacy enhancements as Samsung narrows the gap to iPhone; some are general Android enhancements and some are specific to Samsung.

One area that is still very much work in progress, though, is the painful monthly process to patch security vulnerabilities, again whether that's across Android or is specific to Samsung. We've seen multiple delays in recent months, as Samsungs have lagged behind Pixels in getting critical OS fixes. The new S25 looks likely to move to Android's seamless update process for the first time, which will help, but that won't in itself resolve the monthly merry-go-round.

While most of the recent dangerous vulnerabilities have either related to Android's OS or Qualcomm's chipsets, there were some Samsung-specific critical issues patched last month. As I reported in December, one vulnerability in particular, CVE-2024-49415, which was a Samsung memory issue, was addressed to stop potential attacks from executing remote code on Galaxy devices. Now a Google Project Zero researcher has unrestricted this issue, which shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities in audio codecs now fully-remote.

The threat is an out-of-bounds write in the Monkey's Audio (APE) decoder on the Samsung S24. The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write.

In real-world terms, this relates to the S24's transcription service transcoding audio attached to an RCS message. "Note that this is a fully-remote (0-click) bug on the Samsung S24," the write-up warns. If Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes, the device can be attacked.

The vulnerability can be exploited by writing up to three times the allowable data size, risking memory corruption and potentially leaving the device open to a fully remote attack. A likely attack would combine this vulnerability with others, to plant malware, exfiltrate data or seek to take over a device. The write-up includes details of a demonstrable S24 attack, albeit the bug was tested on a Samsung S23 and S24 and both appear to be affected. It was not tested on other devices.

If you have installed December's security release, then your device is secure against this threat. You should check your phone now and make sure that's the latest update you're running. But not all affected devices will have been updated, and while newer flagships are usually patched early in the month, the update schedule runs to the month-end and sometimes beyond. All the more reason to check for updates and install as soon as available.