Google's Project Zero team discovers 11 serious flaws in Samsung's Galaxy S6 Edge

Tech giant Google’s Project Zero team of hackers has identified 11 "high-impact" exploitable security flaws in Samsung's high-end Galaxy S6 Edge handset.

Reporting the discovery of as many as 11 exploitable security vulnerabilities in Samsung’s software, Google’s Project Zero team of elite hackers has revealed that the recently-detected flaws include "a substantial number of high-severity issues."

The details of all the 11 security flaws in Samsung’s Galaxy S6 Edge handset have been shared on the Project Zero blog and its database of closed flaws.

However, one of the most significant of the 11 flaws which affects Samsung’s Galaxy S6 Edge handset was discovered by Project Zero researcher Mark Brand. In July, Brand had informed Samsung about a directory traversal bug in the WifiHs20UtilityService of the Galaxy S6 Edge handset. The service in which Brand spotted the bug essentially scans for a zip file in /sdcard/Download/cred.zip and unzips it.

Meanwhile, another high-severity flaw found by the Project Zero team affects Samsung's email client, and is apparently quite easy to exploit. In an explanation of the flaw, Project Zero member Natalie Silvanovich said that a service used for supporting quick replies lacks authentication, and it thus allows an unprivileged application to potentially “access data that not even a privileged app should be able to access.”