Google draws attention to a series of critical security flaws in Samsung’s Exynos chips. Some of these flaws can be remotely exploited to completely compromise the phone without user intervention.
The 18 zero-day vulnerabilities affect a wide range of Android smartphones, including Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles with the Exynos Auto T5123 chipset.
Attackers say four of the 18 flaws will allow Exynos W920 chipsets and vehicles to connect Samsung, Vivo, Google and wearables to the internet in late 2022 and early 2023. increase.
“[The] Four vulnerabilities allow an attacker to remotely compromise a phone without user intervention at the baseband level, requiring only the attacker to know the victim’s phone number,” said Google Project Zero. said Tim Willis, director of
By doing so, the threat actor may establish access to cellular information to and from the targeted device. Additional details regarding the bug are pending.
While the attack may sound difficult to execute, on the contrary, it is well within reach for a skilled attacker who can quickly devise operational exploits to compromise the affected device “silently and remotely.” is within reach of
The remaining 14 vulnerabilities are said to be less severe as they require an unauthorized mobile network insider or an attacker with local access to the device.
Discover the hidden dangers of third-party SaaS apps
Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions granted and how to minimize the risks.
reserve a seat
Pixel 6 and 7 handsets have already received the fix as part of the March 2023 security update, but other device patches are expected to vary depending on manufacturer timelines.
Until then, users are advised to turn off Wi-Fi Calling and Voice over LTE (VoLTE) in their device settings to “remove the risk of exploitation of these vulnerabilities.”
