Security News > 2023 > March > Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.
The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 chipset.
Four of the 18 flaws make it possible for a threat actor to achieve internet-to-baseband remote code execution, Google Project Zero, which reported the issues in late 2022 and early 2023, said.
"[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Tim Willis, head of Google Project Zero, said.
The attacks might sound prohibitive to execute to the contrary, they are well within reach of skilled attackers, who can quickly devise an operational exploit to breach affected devices "Silently and remotely."
The remaining 14 flaws are said to be not as severe, as it necessitates a rogue mobile network insider or an attacker with local access to the device.
News URL
https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html
Related news
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Ivanti vows to transform its security operating model, reveals new vulnerabilities (source)
- New Google Workspace feature prevents sensitive security changes if two admins don’t approve them (source)
- Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories (source)
- BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023 (source)