
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a medium-severity flaw affecting Samsung devices is being actively exploited.
This issue is tracked as CVE-2023-21492 (CVSS score: 4.4) and affects some Samsung devices running Android versions 11, 12, and 13.
The South Korean electronics company described the issue as an information disclosure flaw that privileged attackers could exploit to bypass Address Space Layout Randomization (ASLR) protections.
ASLR is a security technique designed to thwart memory corruption and code execution flaws by randomizing the locations at which executables are loaded in device memory.
In an advisory issued earlier this month, Samsung said it was “informed that an exploit for this issue actually exists,” adding that it was disclosed privately to the company on January 17, 2023.
Other details about how this flaw could be exploited are unknown at this time, but vulnerabilities in Samsung phones have been weaponized in the past by commercial spyware vendors to deploy malicious software.
Back in August 2020, Google Project Zero exploited two buffer overwrite flaws (SVE-2020-16747 and SVE-2020-17675) in the Quram qmg library to defeat ASLR and achieve code execution. Project Zero also demonstrated a remote zero-click MMS attack.
In light of its active exploitation, CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog along with two Cisco IOS flaws (CVE-2004-1464 and CVE-2016-6415). Federal Civilian Executive Branch (FCEB) agencies have until June 9, 2023 to apply the patch.
CISA also added seven vulnerabilities to the KEV catalog last week. The oldest of these is a 13-year-old bug (CVE-2010-3904) affecting Linux that allows an unprivileged local attacker to elevate privileges to root.