Google warned users about vulnerabilities found in certain Samsung chips, including dozens of Android devices, wearables and vehicles.
Google’s Project Zero boss Tim Willis wrote in a blog post Thursday that security researchers have reported 18 zero-day vulnerabilities in Exynos modems manufactured by Samsung from late 2022 to early 2023.
Four of the most severe vulnerabilities allowed Internet-to-baseband remote code execution, allowing an attacker to “remotely compromise a baseband-level phone without user interaction and only require that the attacker know the victim’s phone number.”
“With limited additional research and development, we believe that experienced attackers would be able to quickly create an operational exploit to silently and remotely compromise affected devices,” Willis warned.
YOUTUBE RESTORE TRUMP’S CHANNEL, THE ABILITY TO UPLOAD NEW CONTENT AHEAD OF THE 2024 ELECTION
The Google logo is seen on a carpet in the lobby of Google France in Paris, November 18, 2019. (AP Photo/Michel Euler, file)
The 14 other vulnerabilities weren’t quite as severe, requiring either a malicious wireless operator or an attacker with local access to the device.
Willis said the affected products likely include Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series handsets, as well as Vivo S16, S15, S6 series handsets. X70, X60 and X30 series. Also included were Google’s Pixel 6 and Pixel 7 series of devices, as well as all vehicles using the Exynos Auto T5123 chipset.
THE BEST BROWSER ALTERNATIVES FOR THE ONCE POPULAR, NOW RETIRED INTERNET EXPLORER
A large scale Google Pixel 7 advertisement outside London Bridge Station on November 17, 2022 in London, United Kingdom. ((Photo by Mike Kemp/In Pictures via Getty Images))
Google said patch schedules would vary by manufacturer. Project Zero researcher Maddie Stone tweeted that Samsung had 90 days to fix the bugs but hadn’t done so yet. The Pixel devices are already patched with the March security update.
A woman walks past an advertisement for the Samsung Galaxy S22 smartphone at the company’s Seocho building in Seoul, July 7, 2022. ((Photo by JUNG YEON-JE/AFP via Getty Images))
In the meantime, users who want to protect themselves from the baseband remote code execution vulnerabilities in the Post can disable Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings.
“As always, we encourage end users to update their devices as soon as possible to ensure they are running the latest builds that address both disclosed and undisclosed security vulnerabilities,” added Willis.
Source : www.foxnews.com