Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
How the attack could be performed?
This setting is enabled by default on the Galaxy S23 and S24 models.
This flaw allowed local attackers allowed local attackers to install malicious applications by exploiting insufficient cryptographic signature verification.
Additionally, it is advisable to disable RCS in Google Messages to reduce the risk of zero-click exploits further.
source: www.techworm.net
