Do you have a Samsung, a Google Pixel, a vivo? Google researchers have just found a big flaw!


Alexander Schmid

March 17, 2023 at 11:15 a.m.


Samsung Galaxy S22 © Samsung


A series of 18 security vulnerabilities has been identified on Samsung, Google Pixel and vivo smartphones and connected watches carrying an Exynos modem.

Security researchers from the Google-funded Project Zero team discovered 18 zero-day vulnerabilities in Samsung’s Exynos modems. These are fitted to many smartphones on the market, including some very popular models.

Vulnerable Galaxy, Pixel and vivo smartphones and connected watches

Among the big names affected by this series of security vulnerabilities are the Galaxy S22, Samsung’s flagship released in early 2022, as well as the Pixel 6 and Pixel 7 series, the latest generations of Google phones, whose Tensor chip is based on the Exynos SoC architecture.

The mid-range Samsung Galaxy M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 are also affected by the problem, as are some vivo phones in the S16, S15, S6, X70, X60 and X30 series.

Project Zero warns, however, that smartphones are not the only vulnerable devices and that other types of products embedding Exynos components are also victims of these security flaws. Mentioned are connected watches powered by the Exynos W920 and vehicles with an Exynos Auto T5123.

4 flaws allow remote code execution without user interaction

Cybersecurity experts explain that four of the 18 vulnerabilities discovered can allow attackers to execute malicious code remotely. This gives them the opportunity to “remotely compromise a phone […] without user interaction”. They point out that these security flaws only require the attacker to know the victim’s phone number. From there, the attacker will be able to steal sensitive data and take control of the device.

“We believe that skilled attackers would be able to quickly create a working exploit to compromise the affected devices silently and remotely,” fears Project Zero.

Google has already rolled out the CVE-2023-24033 fix in its March security patch, which we recommend you install immediately on your Pixel if you haven’t already. For other devices, Project Zero recommends disabling Wi-Fi calling and VoLTE until a fix is offered by manufacturers.

Source: Project Zero


