CVE-2024-49415

Published Dec 3, 2024

Last updated 17 days ago

Overview

Description
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
Source
mobile.security@samsung.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending
  1. #Vulnerability #APEaudio 0-Click Vulnerability in Samsung S24 Devices: PoC Releases for CVE-2024-49415 https://t.co/68Tg4VzSyh

    @Komodosec

    4 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Severe vulnerability CVE-2024-49415 affects Samsung Galaxy S23/S24, allowing remote code execution via malicious APE files. Security updates are critical! 📱💻 #SamsungSecurity #AndroidVulnerability #SouthKorea link: https://t.co/FDxSMVvOg2 https://t.co/C42bTqgDjU

    @TweetThreatNews

    31 Jan 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Plush Daemon APT targets a South Korean VPN in a supply chain attack! Also, CVE-2024-49415 in Samsung's APE decoder allows RCE via RCS-enabled Google Messages . Patch released in Dec 2024! #CyberSecurity #Samsung #CVE2024 #AndroidSecurity #RCS #TruBitX https://t.co/BAeqPIILgb

    @TruBitXOfficial

    29 Jan 2025

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔷 #تيلي_تايم ||ثغرة أمنية خطيرة تهدد بيانات موبايلات #سامسونج ⭕الثغرة دي اسمها CVE-2024-49415 بتخترق الموبايلات عن طريق الرسائل الصوتية. ⭕ حسب موقع «هاكر نيوز»، اكتشاف الثغرة كان بفضل الباحثة نتاليا سيلفانوفيتش من مشروع Google Project Zero. #explore https://t.co/dBWHymNm6E

    @TELETIME367260

    17 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 중요) 삼성휴대폰 업데이트 적극 권장 ● CVE-2024-49415 보안 취약점 발생 * 공격자가 문자 메시지(RCS)로 취약점을 공격하는 메시지를 보낼 경우, 디바이스가 이를 디코딩하는 도중 원격 코드를 실행할 수 있음 * 이번 건은 제로클릭 취약점으로서, 사용자가 *아무 터치를 하지 않아도* 실행되는 ...

    @Plndang2

    17 Jan 2025

    495 Impressions

    5 Retweets

    9 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  6. CVE-2024-49415: Zero-Click RCE via OOB Write on Samsung Smartphones Samsung S24: Out of bounds write in APE Decoder [368695689] - Project Zero https://t.co/KyYt6pJ4mI

    @samilaiho

    16 Jan 2025

    640 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. [1day1line] CVE-2024-49415: Zero-Click RCE via OOB Write on Samsung Smartphones https://t.co/dxCzcYMWsb A Zero-Click RCE vulnerability has been discovered in Samsung Android 12, 13, and 14. It occurs in the decoder of Monkey’s Audio files and can be exploited without user… h

    @hackyboiz

    15 Jan 2025

    7773 Impressions

    22 Retweets

    103 Likes

    51 Bookmarks

    0 Replies

    0 Quotes

  8. The Hacker News website has highlighted a software vulnerability that could allow hackers to access certain Samsung smartphones through voice messages. The vulnerability, labeled "CVE-2024-49415," was uncovered by Natalia Silvanovich, a researcher at Google Project Zero. This… h

    @FoejMedia

    15 Jan 2025

    52 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 2/9 Unveiled: CVE-2024-49415 - A critical flaw in @Microsoft 's PlayReady DRM. Learn how it bypasses PMP tech to access protected content on @netflix , @hbomax . 📺 #DRM #SecurityBreach

    @Eth1calHackrZ

    15 Jan 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Wystarczy wysłać SMSa z plikiem audio do telefonu Samsunga aby wykonać złośliwy kod na telefonie ofiary. ✅ Ciekawą podatność zlokalizowała ekipa Google. CVE-2024-49415 ❌ Jak określają to badacze - podatność jest klasy 0-click - czyli ofiara nie musi wykonywać żadnej czynności…

    @Sekurak

    14 Jan 2025

    7360 Impressions

    17 Retweets

    100 Likes

    19 Bookmarks

    3 Replies

    0 Quotes

  11. CVE-2024-49415: Critical Flaw in Samsung Phones Allows Remote Code Execution https://t.co/B4ZbJUrmW1

    @the_yellow_fall

    14 Jan 2025

    624 Impressions

    5 Retweets

    8 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  12. Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. https://t.co/Pfbn289Wi2 https://t.co/C5n6e7cxph

    @riskigy

    13 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Samsung S24 Cihazlarında 0-Click Zafiyeti: CVE-2024-49415 https://t.co/xQknBOhXpV

    @cyberwebeyeos

    13 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨Google Project Zero uncovered a now-patched flaw (CVE-2024-49415) in Samsung's Monkey's Audio decoder. Exploited via Google Messages on RCS-enabled Galaxy S23/S24, the bug allowed remote code execution without user interaction.🔒📱 #CyberSecurity #Samsung #ZeroClickExploit

    @firexcore

    13 Jan 2025

    69 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 0-Click Vulnerability in Samsung S24 Devices: PoC Releases for CVE-2024-49415 https://t.co/oXKEd4Uexj

    @Dinosn

    13 Jan 2025

    2753 Impressions

    8 Retweets

    17 Likes

    15 Bookmarks

    0 Replies

    0 Quotes

  16. 0-Click Vulnerability in Samsung S24 Devices: PoC Releases for CVE-2024-49415 Critical vulnerability in Samsung S24 smartphone: CVE-2024-49415. Learn how remote attackers could execute arbitrary code and take control of the device https://t.co/UxWCuGejq4

    @the_yellow_fall

    13 Jan 2025

    22 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. ¿Sabías que un simple mensaje de audio podría comprometer tu smartphone Samsung? 📱🔒 Abro hilo 🧵 Investigadores descubrieron una vulnerabilidad crítica (CVE-2024-49415, CVSS 8.1) en el decodificador Monkey's Audio (APE) en dispositivos Samsung con Android 12, 13 y 14. Este ⬇️

    @Alevsk

    12 Jan 2025

    183 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    3 Replies

    1 Quote

  18. Samsung Galaxy S24 และ S23 พบช่องโหว่ Zero-Click ไม่ต้องกดลิงก์ก็เสี่ยงถูกแฮก https://t.co/4foDLgGoSI CVE-2024-49415

    @ohmohm

    12 Jan 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 𝐙𝐞𝐫𝐨-𝐂𝐥𝐢𝐜𝐤 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧 𝐒𝐚𝐦𝐬𝐮𝐧𝐠 𝐑𝐂𝐒 𝐄𝐱𝐩𝐨𝐬𝐞𝐬 𝐌𝐢𝐥𝐥𝐢𝐨𝐧𝐬 𝐨𝐟 𝐃𝐞𝐯𝐢𝐜𝐞𝐬 𝐭𝐨 𝐑𝐞𝐦𝐨𝐭𝐞 𝐀𝐭𝐭𝐚𝐜𝐤𝐬 SEOUL, South Korea, Jan. 11, 2025 — A recently uncovered zero-click vulnerability, identified as CVE-2024-49415, has… htt

    @techuncut_com

    11 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. آسیب پذیری CVE-2024-49415 در گوشی‌های گلکسی S23 و S24 سامسونگ #Cyber_security_news #اخبار_امنیت_سایبری #CVE_2024_49413 #CVE_2024_49415 #Galaxy_S23 #Galaxy_S24 https://t.co/M2CtLsijSC

    @vulnerbyte

    11 Jan 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2024-49415 : Samsung Android devices Impacted #CVE-2024-39415 #Samsung https://t.co/8Wngs2Z7zn

    @pravin_karthik

    11 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Threat Alert: Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Dev CVE-2024-49413 CVE-2024-49415 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/xaY5o4Y29h #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    11 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  23. Un investigador del Proyecto Zero de Google descubre un exploit de clic cero que ataca a dispositivos Samsung ➡️ CVE-2024-49415 afecta Google Messages que usan RCS https://t.co/86tvsJJPj6 https://t.co/dZfLCBxYJp

    @elhackernet

    10 Jan 2025

    3293 Impressions

    19 Retweets

    69 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  24. فريق قوقل الأمني كشف عن تفاصيل ثغرة خطيرة في هواتف سامسونج من إصدار آندرويد11 الى14 CVE-2024-49415: ثغرة في مكتبة فك ترميز ملفات الصوت تمكن المهاجم من تنفيذ تعليمات برمجية عن بُعد بدون تفاعل من المستخدم! استغلاها يتم بإرسال رسالة صوتية ضارة عبر تطبيق رسائل قوقل، حيث يتم فك… htt

    @masfbr

    10 Jan 2025

    1064 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  25. Critical security flaw in Samsung smartphones' Monkey's Audio decoder patched. High risk CVE-2024-49415. Read more: https://t.co/4f5DoraCs6

    @threatlight

    10 Jan 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Without even opening a file, your #Samsung phone is at risk of remote code execution. Sounds alarming? That’s exactly what CVE-2024-49415, a critical #vulnerability in Samsung’s Monkey's Audio (APE) decoder, enables on devices running #Android 12, 13, and 14. Details:… https://t

    @secure_blink

    10 Jan 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Scoperta una vulnerabilità zero-click in un decoder audio APE su smartphone #Samsung, CVE-2024-49415 che interessa le versioni Android 12, 13 e 14 Per risolvere il problema, è necessario installare l'aggiornamento di sicurezza di dicembre 2024 https://t.co/EjJ7OruoCT

    @techworldaleant

    10 Jan 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. ⚠️ A high-severity vulnerability in Samsung's Monkey's Audio decoder (CVE-2024-49415) is putting millions of devices at risk. Read details here: https://t.co/v9RahWYVG0

    @TheHackersNews

    10 Jan 2025

    41923 Impressions

    52 Retweets

    111 Likes

    20 Bookmarks

    1 Reply

    3 Quotes

  29. “Samsung”un mobil cihazlarında boşluq (CVE-2024-49415) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/pTCl6CbVyP

    @CERTAzerbaijan

    27 Dec 2024

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 📱 Galaxy S24シリーズに重要なセキュリティアップデート配信開始! 6件の重大レベルの修正と28件の高レベルのセキュリティ強化を含む大規模アップデート 特に注目は深刻な脆弱性「CVE-2024-49415」への対応 リモートコード実行のリスクから端末を保護 対象機種: ・Galaxy S24 ・Galaxy S24 Plus… https://t.co/SR894frkn3 https://t.co/VG5GkN7Nhi

    @TechTrendsJP

    10 Dec 2024

    196 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2024-49415 (CVSS:8.1, HIGH) is Awaiting Analysis. Out-of-bound write in https://t.co/Wsc8eZjK0X prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code...https://t.co/kVT6v3OsDm #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    8 Dec 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations