An analysis from mobile security startup Oversecured showed that pre-installed apps in Samsung's Android devices contained seven critical security vulnerabilities, which could have provided hackers access and control to users' devices, reports The Hacker News.

Among the vulnerabilities are a third-party authentication bypass in Managed Provisioning, tracked as CVE-2021-25356; an arbitrary app installation flaw in Knox Core, tracked as CVE-2021-25388; intent redirection flaws in PhotoTable and Secure Folder, tracked as CVE-2021-25390 and CVE-2021-25391, respectively; a notification policy file flaw in DeX, tracked as CVE-2021-25392; an arbitrary read/write access flaw in the Settings app, tracked as CVE-2021-25393; and an arbitrary file write vulnerability in TelephonyUI, tracked as CVE-2021-25397.

"The impact of these bugs could have allowed an attacker to access and edit the victim's contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device's settings," said Oversecured founder Sergey Toshin, who reported the vulnerabilities in February. Samsung addressed the flaws in its April and May security updates.