Google’s Project Zero discovered and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets used in mobile devices, wearables and cars. The manufacturer has provided security updates to the vendors, but the patches are not public and cannot be applied by all affected users.
Four of the vulnerabilities allow remote code execution from the Internet to the baseband and were identified as the most serious. in this way Attackers can remotely compromise vulnerable devices without user interaction, simply by needing the victim’s phone number.
The other 14 flaws are not so critical but still pose a risk. They allow the attacker to execute malicious code at the modem level of the affected device; this can lead to a number of attacks on communications such as eavesdropping, call recording, data theft and more.
vulnerable devices
Exynos chips, which are affected by Samsung’s security vulnerabilities, are not yet included in vehicles circulating in Brazil. However, the semiconductor equips several smartphones popular in the country. Check out the list of some affected products:
- Samsung A13, A12 and A04 smartphones and tablets, as well as Galaxy S22, M33, M13, M12, A71, A53, A33, A21s series;
- Vivo’s mobile devices such as S16, S15, S6, X70, X60 and X30 series;
- Google Pixel 6 and Pixel 7 phones.
- Wearables with Exynos W920 chipset
How do you protect yourself from threats?
Until security updates become available, users who want Protection from remote code execution vulnerabilities in Samsung’s Exynos could disable Wi-Fi calling and Voice over LTE (VoLTE) in device settings. Disabling these settings will eliminate the risk of exploiting the most serious flaws.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
