What you need to know
- Samsung has released security patches for several vulnerabilities affecting certain Exynos modems and chips.
- This fix was released as part of the March 2023 Security Updates.
- A security flaw exposed recent Galaxy phones and other Android handsets to remote code execution from the Internet to the baseband.
Google recently discovered a nasty bug in Samsung’s Exynos modems. This allows hackers to hijack a phone simply by knowing the phone number. The South Korean tech giant has confirmed that these security flaws have been fixed.
A Samsung community moderator has revealed that the Exynos modem vulnerability has been patched as part of the March 2023 security update. This confirmation came in response to his Samsung user who participated in the company’s community forums. (opens in new tab) Report Wi-Fi Calling Vulnerability (via Android Authority) (opens in new tab)).
“After determining that six vulnerabilities could affect select Galaxy devices, none were ‘critical.’ Samsung released security patches for five of these in March. “Another security patch will be released in April to address the remaining vulnerabilities.”
It’s very interesting that the Samsung Community Manager claimed that none of the vulnerabilities were critical. Earlier this month, Google’s Project Zero team revealed four of the 18 zero-day vulnerabilities in Samsung’s Exynos modems are severe. Security researchers claimed that malicious individuals could exploit this flaw to remotely and covertly control vulnerable devices.
Affected Exynos modems have been found on many of Samsung’s flagship phones, including the Galaxy S22 series, Galaxy A53, and earlier models. Google’s recent flagship phones, including the Pixel 6 and Pixel 7 lineup, were also affected, though the latter was fixed in his March update.
Recent Vivo models in the flagship and mid-range categories were also at risk, as were wearable devices powered by the Exynos W920 chipset and vehicles using the Exynos Auto T5123 processor.
If your phone or smartwatch is on the list of affected devices, you should download and install the latest security updates, assuming they are available. The remaining security bugs should be patched in April.
