Samsung Galaxy S24 Vulnerability Let Create Arbitrary Files on Affected Installations

A significant vulnerability in Samsung Galaxy S24 devices that allows network-adjacent attackers to create arbitrary files on affected installations. 

The flaw, identified as CVE-2024-49421, was publicly announced on April 9, 2025, as part of the Pwn2Own competition findings.

The vulnerability, tracked as ZDI-25-229 (ZDI-CAN-25650), received a CVSS score of 5.9 (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L), indicating a medium-to-high severity issue. 

Security researcher Ken Gannon of NCC Group (@yogehi) discovered the directory traversal vulnerability in Samsung’s Quick Share feature, which allows users to easily share files between devices.

Critical Security Flaw in Quick Share Application

According to the Zero Day Initiative advisory, the vulnerability provides attackers with network access to create arbitrary files on affected installations of Samsung Galaxy S24.

An attacker must first gain access to the target device to undertake any activity.  The issue results from the lack of proper validation of a user-supplied path prior to using it in file operation.

“The specific flaw exists within the Quick Share application. An attacker can leverage this vulnerability to create files in the context of the current user”, reads the advisory.

The technical details reveal that the vulnerability stems from improper path validation, enabling attackers to manipulate file operations through the Quick Share Agent. 

The vulnerability affects explicitly Quick Share Agent versions prior to 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14.

To exploit this vulnerability, an attacker needs to be network-adjacent to the target device, meaning they must be on the same network or in close physical proximity. 

While this limits the attack scope, it still presents significant risks in public spaces like cafes, airports, or office environments. The directory traversal vulnerability could allow malicious actors to create files in arbitrary locations with the permissions of the current user. 

This could potentially lead to the installation of malicious applications, data manipulation, or system instability.

The summary of the vulnerability is given below:

Patch Released – Time to Update!

Samsung has acknowledged the vulnerability and issued an update to correct it as part of their security maintenance schedule. 

“Samsung has issued an update to correct this vulnerability,” confirms the advisory. 

The fix is included in the December 2024 security maintenance release, which users are strongly encouraged to install.

The vulnerability was reported to Samsung on December 2, 2024, with a coordinated public release of the advisory occurring on April 9, 2025. 

This follows standard responsible disclosure protocols, giving Samsung time to develop and deploy a patch before public disclosure.

This is not the first security concern affecting Samsung’s file-sharing capabilities. Earlier this year, Google patched a similar Quick Share vulnerability (CVE-2024-10668) that could enable denial-of-service attacks or unauthorized file delivery. 

That vulnerability was a bypass for previously fixed issues in the QuickShell vulnerabilities disclosed in August 2024.

Samsung has been addressing multiple security vulnerabilities across its product line. The April 2025 security patch fixed over 60 issues, including 4 critical vulnerabilities.

Galaxy S24 users should verify they have the latest security updates installed by checking Settings > Software Update > Download and Install. 

Security experts recommend keeping automatic updates enabled and exercising caution when using Quick Share with unknown devices or on public networks.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!

The post Samsung Galaxy S24 Vulnerability Let Create Arbitrary Files on Affected Installations appeared first on Cyber Security News.