Security News > 2023 > March > Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.
The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 chipset.
Four of the 18 flaws make it possible for a threat actor to achieve internet-to-baseband remote code execution, Google Project Zero, which reported the issues in late 2022 and early 2023, said.
"[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Tim Willis, head of Google Project Zero, said.
The attacks might sound prohibitive to execute to the contrary, they are well within reach of skilled attackers, who can quickly devise an operational exploit to breach affected devices "Silently and remotely."
The remaining 14 flaws are said to be not as severe, as it necessitates a rogue mobile network insider or an attacker with local access to the device.
News URL
https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html
Related news
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)