Security News > 2023 > May > CISA warns of Samsung ASLR bypass flaw exploited in attacks
CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization protection.
The exposed info can be used by local attackers with high privileges to conduct an ASLR bypass which could enable the exploitation of memory-management issues.
While Samsung didn't provide details about CVE-2023-21492 exploitation, such security vulnerabilities are often abused as part of complex exploit chains in highly-targeted attacks.
In March, Google's Threat Analysis Group and Amnesty International exposed two recent series of attacks employing exploit chains of Android, iOS, and Chrome flaws to install commercial spyware, with one of the campaigns targeting Samsung users in the United Arab Emirates.
U.S. Federal Civilian Executive Branch Agencies have been given a three-week deadline, until June 9, to secure their Samsung Android devices against attacks exploiting CVE-2023-21492 after CISA added the vulnerability on Friday to its catalog of Known Exploited Vulnerabilities.
While primarily aimed at U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing vulnerabilities listed in the cybersecurity agency's list of bugs exploited in attacks.
News URL
Related news
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Samsung phone users under attack, Google warns (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-04 | CVE-2023-21492 | Information Exposure Through Log Files vulnerability in Samsung Android 11.0/12.0/13.0 Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | 4.4 |