Rita El Khoury / Android Authority
TL;DR
- Google found a severe vulnerability in certain older Samsung Exynos processors that hackers are actively exploiting.
- The flaw allows attackers to gain control over affected devices, potentially accessing sensitive functions remotely.
- Samsung has acknowledged the flaw and issued an October security patch to fix it.
Google’s security team has just revealed a severe vulnerability in certain Samsung phones, and hackers are already exploiting it. Google’s Threat Analysis Group (TAG) uncovered this exploit, detailing how attackers are leveraging a bug within Samsung’s processors to gain unauthorized access and execute arbitrary code on devices. (h/t: The Register)
The vulnerability, identified as CVE-2024-44068, targets Samsung’s mobile processors, including older models like Exynos 9820, 9825, 980, 990, 850, and W920. This vulnerability could impact a variety of Samsung devices, especially older models like the Galaxy S10 and Note 10 series. Samsung has released a patch as part of its October 7 security maintenance update, but older devices might miss out on this protection if they lack regular software support.
What’s the security flaw?
Imagine your phone’s memory as a busy office building. When a job is finished, it’s supposed to close its office door and clear out. But this flaw is like leaving the door wide open after everyone leaves. Technically speaking, it’s called a “use-after-free” vulnerability. This means the memory isn’t properly cleared after a process finishes, allowing hackers to sneak in and potentially take control of your phone.
Google’s security researchers, Xingyu Jin and Clement Lecigne, not only discovered this flaw but also found evidence that hackers are actively exploiting it. They’re essentially using this “unlocked room” to gain higher privileges on your phone and execute malicious code.
Interestingly, this isn’t the only recent security issue Samsung has addressed. October’s security patch also targeted five critical vulnerabilities in Galaxy-specific firmware that affected media handling processes. In both cases, Samsung’s hardware driver processes, specifically for camera services, appear to have been targeted, with the flaw capable of renaming processes to obscure malicious activity.
In a statement to The Register, Samsung confirmed its awareness of the issue and said that it had begun rolling out patches through its monthly security updates. “Samsung is dedicated to offering the best degree of safety for our customers,” a spokesperson stated, advising users to keep their devices up-to-date with the latest updates.
This news is especially concerning for older devices that might not be receiving regular software updates anymore. If your phone is affected and hasn’t been receiving monthly security patches anymore, you should consider upgrading to a newer model to ensure your data and privacy remain protected.