Rita El Khoury / Android Authority
TL;DR
- Google found a severe vulnerability in certain older Samsung Exynos processors that hackers are actively exploiting.
- The flaw allows attackers to gain control over affected devices, potentially accessing sensitive functions remotely.
- Samsung has acknowledged the flaw and issued an October security patch to fix it.
Google’s security team has just revealed a severe vulnerability in certain Samsung phones, and hackers are already exploiting it. Google’s Threat Analysis Group (TAG) uncovered this exploit, detailing how attackers are leveraging a bug within Samsung’s processors to gain unauthorized access and execute arbitrary code on devices. (h/t: The Register)
The vulnerability, identified as CVE-2024-44068, targets Samsung’s mobile processors, including older models like Exynos 9820, 9825, 980, 990, 850, and W920. This vulnerability could impact a variety of Samsung devices, especially older models like the Galaxy S10 and Note 10 series. Samsung has released a patch as part of its October 7 security maintenance update, but older devices might miss out on this protection if they lack regular software support.
What’s the security flaw?
Imagine your phone’s memory as a busy office building. When a task is finished, it’s supposed to close its office door and clear out. But this flaw is like leaving the door wide open after everyone leaves. Technically speaking, it’s called a “use-after-free” vulnerability. This means the memory isn’t properly cleared after a process finishes, allowing hackers to sneak in and potentially take control of your phone.
Google’s security researchers, Xingyu Jin and Clement Lecigne, not only discovered this flaw but also found evidence that hackers are actively exploiting it. They’re essentially using this “unlocked room” to gain higher privileges on your phone and execute malicious code.
Interestingly, this isn’t the only recent security issue Samsung has addressed. October’s security patch also targeted five critical vulnerabilities in Galaxy-specific firmware that affected media handling processes. In both cases, Samsung’s hardware driver processes, specifically for camera services, appear to have been targeted, with the flaw capable of renaming processes to obscure malicious activity.
In a statement to The Register, Samsung confirmed its awareness of the issue and said that it had begun rolling out patches via its monthly security updates. “Samsung is dedicated to offering the very best level of security for our customers,” a spokesperson stated, advising users to keep their devices up to date with the latest updates.
This news is especially concerning for older devices that might not be receiving regular software updates anymore. If your phone is affected and is no longer receiving monthly security patches, you should consider upgrading to a newer model to ensure your data and privacy remain protected.