The founder of Oversecured company specializing in Android OS security, security researcher Sergey Toshin, announced the discovery of two vulnerabilities in Samsung smartphones. The first one allows to install third-party applications and provide them device administrator rights.

“0day on all Samsung devices: installing third-party apps and providing them device administrator rights (no permissions required). However, it leads to the removal of all other programs,” - Toshin said on his Twitter.

The second vulnerability allows to read files "owned by UID 1001 (telephony), including SMS, MMS and phone call history databases."

Source: securitylab.ru