Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
#1
https://thehackernews.com/2023/03/google...urity.html        Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Mar 17, 2023 Ravie Lakshmanan Mobile Security / Firmware      Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.

The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 chipset.

Four of the 18 flaws make it possible for a threat actor to achieve internet-to-Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicleses in late 2022 and early 2023, said.

"[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Tim Willis, head of Google Project Zero, said.

In doing so, a threat actor could gain entrenched access to cellular information passing in and out of the targeted device. Additional details about the bugs have been withheld.

The attacks might sound prohibitive to execute, but, to the contrary, they are well within reach of skilled attackers, who can quickly devise an operational exploit to breach affected devices "silently and remotely."

The remaining 14 flaws are said to be not as severe, as it necessitates a rogue mobile network insider or an attacker with local access to the device.

While Pixel 6 and 7 handsets have already received a fix as part of March 2023 security updates, patches for other devices are expected to vary depending on the manufacturer's timeline.

Until then, users are recommended to switch off Wi-Fi calling and Voice over LTE (VoLTE) in their device settings to "remove the exploitation risk of these vulnerabilities."
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution mrtrout 0 423 02-04-2024 , 06:49 AM
Last Post: mrtrout
  Google Patches 48 Vulnerabilities With First Set of 2022 Android Updates mrtrout 0 538 01-06-2022 , 12:48 AM
Last Post: mrtrout
  Abode IoT Security Camera Vulnerabilities Bitdefender mrtrout 0 441 01-01-2022 , 06:59 AM
Last Post: mrtrout
  Microsoft and Google release urgent browser security update for Risk Level 4 Drive-b mrtrout 0 701 08-23-2021 , 09:13 AM
Last Post: mrtrout
  Google releases Chrome 90 with HTTPS by default and security fixes Imran 0 975 04-15-2021 , 03:00 PM
Last Post: Imran

Forum Jump:


Users browsing this thread: 1 Guest(s)