As much as companies try to test their devices to look for bugs and security flaws, it would be impossible for them to spot everything. This is because we all use our devices differently, and the various combinations and deviations are simply too many for companies to consider every scenario.
As such, from time to time we do hear about companies that might have had security flaws sitting around for years before they are discovered and patched. Such is the case with Samsung, which has recently patched a zero-day vulnerability that has actually been around on Samsung devices since 2014.
This vulnerability was discovered by Mateusz Jurczyk, a security researcher who works with Google’s Project Zero. The vulnerability involved how Samsung devices handle the custom Qmage image format, which Samsung started supporting in late 2014. Had this vulnerability been exploited, hackers could easily attack devices without the user even having to interact with them at all.
The security flaw was discovered in February, and once Samsung was told about it, the company managed to issue a patch in May that fixed it. To date, there have not been any reports of the vulnerability being exploited in the wild, despite it having been around for so long, so that’s a relief.