Security News > 2023 > May > CISA warns of Samsung ASLR bypass flaw exploited in attacks

CISA warns of Samsung ASLR bypass flaw exploited in attacks
2023-05-19 19:07

CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization protection.

The exposed info can be used by local attackers with high privileges to conduct an ASLR bypass which could enable the exploitation of memory-management issues.

While Samsung didn't provide details about CVE-2023-21492 exploitation, such security vulnerabilities are often abused as part of complex exploit chains in highly-targeted attacks.

In March, Google's Threat Analysis Group and Amnesty International exposed two recent series of attacks employing exploit chains of Android, iOS, and Chrome flaws to install commercial spyware, with one of the campaigns targeting Samsung users in the United Arab Emirates.

U.S. Federal Civilian Executive Branch Agencies have been given a three-week deadline, until June 9, to secure their Samsung Android devices against attacks exploiting CVE-2023-21492 after CISA added the vulnerability on Friday to its catalog of Known Exploited Vulnerabilities.

While primarily aimed at U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing vulnerabilities listed in the cybersecurity agency's list of bugs exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-samsung-aslr-bypass-flaw-exploited-in-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-21492 Information Exposure Through Log Files vulnerability in Samsung Android 11.0/12.0/13.0
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
local
low complexity
samsung CWE-532
4.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Samsung 1717 164 352 239 86 841