Google’s Project Zero team has discovered 18 zero-day vulnerabilities in certain Samsung Exynos chipsets – leading attackers to compromise devices remotely.
While some require local access, others need just a phone number to attack so! Mobile devices, automobiles, and wearables using the Exynos chips are at risk. Though Samsung released the patches for these bugs – the end OEMs are yet to pass them to their users.
Security Bugs in Samsung Chips
Google’s Project Zero has identified 18 zero-day bugs in the Samsung Exynos chips – all reported between late 2022 and early 2023. Four of the 18 zero-day bugs were termed serious, enabling RCE attacks from the device’s Internet to the baseband.
Researchers note that the Exynos “baseband software does not properly check the format types of the accept-type attribute specified by the SDP,” leading to DoS or RCE attacks. What’s more intriguing here is the initial vector needed for an attacker is just the target’s phone number to pull the attack.
End-users still don’t have patches 90 days after report…. https://t.co/dkA9kuzTso — Maddie Stone (@maddiestone) March 16, 2023
