CertiK is recognized by Samsung for the third time for discovering a high-severity vulnerability in the Blockchain Keystore
NEW YORK, Nov. 06, 2024 (GLOBE NEWSWIRE) — CertiK, the industry-leading Web3 security firm, was once again recognized by Samsung in its latest Mobile Security Update for identifying a high-severity vulnerability in Samsung Blockchain Keystore. Samsung’s keystore leverages mobile hardware security to provide strong protection for private key storage and signing.
November 5, 2024, marks the third time CertiK has been publicly recognized by Samsung. During CertiK’s recent work with Samsung, its security experts identified the following vulnerability and exposure, SVE-2024-1517 (CVE-2024-49406): Improper validation of integrity check value in Blockchain Keystore.
CVE-2024-49406 describes improper validation of the integrity check value in Blockchain Keystore prior to version 1.3.16, which could have allowed local attackers with root privileges to modify transactions.
To strengthen the Blockchain Keystore’s security, version 1.3.16 includes a patch that reinforces validation checks, reducing the risk of transaction tampering by unauthorized users. While root access was required to exploit this vulnerability, this update now provides an added layer of protection, ensuring a more secure environment for all blockchain participants.
These efforts by CertiK and Samsung underscore a shared commitment to safeguarding the Web3 community and reinforcing trust in decentralized technologies.
CertiK is dedicated to pioneering security measures with a deep-seated commitment to protecting its clients. By cultivating a culture of trust and innovation, CertiK aims to set new cybersecurity benchmarks and exceed the expectations of customers who rely on its products for safety and security.
CONTACT: Elisa Yiting Xu, Yiting.xu@certik.com