Update now! Critical flaw allows remote attacks on Samsung phones
What's the story
Google's security researchers have sounded the alarm over a critical vulnerability in Samsung's mobile processors. The bug, which has been tracked as CVE-2024-44068, impacts multiple generations of the Exynos chips powering Samsung smartphones. This high-severity flaw has been leveraged by malicious actors to escalate privileges and run arbitrary code remotely on the devices.
Flaw specifics
Samsung's Exynos vulnerability: A detailed look
The vulnerability in question lies in the memory management of Samsung's Exynos chips and the way their device driver sets up page mapping. It specifically affects Exynos versions 9820, 9825, 980, 990, 850, and W920. The bug has been given an 8.1 out of 10 CVSS severity rating by Samsung in its brief security advisory on October 7.
Exploit chain
Google researchers reveal exploitation of the flaw
Google security researchers Xingyu Jin and Clement Lecigene have found that this vulnerability is being exploited as part of an attack chain to execute code on users' phones. The duo said, "This 0-day exploit is part of an EoP (Elevation of Privilege) chain." They further explained, "The actor is able to execute arbitrary code in a privileged cameraserver process. The exploit also renamed the process name itself to 'vendor.samsung.hardware.camera.provider@3.0-service,' probably for anti-forensic purposes."
Information
Samsung's response to chip issue
In light of the discovery of this security flaw, Samsung released a patch earlier this month. While the company's advisory did not note any cases of attackers exploiting this vulnerability, users are advised to install the latest security patch on their devices.