A bug in Samsung’s Exynos baseband modems is so exploitable, Google’s Undertaking Zero has made the bizarre determination to hide particulars of the vulnerability.
Undertaking Zero advises homeowners of affected units to disable Wi-Fi calling and Voice-over-LTE (VoLTE) till a firmware improve arrives, to dam the “internet-to-baseband” assault vector.
In its advisoryUndertaking Zero stated the vulnerabilities “enable an attacker to remotely compromise a telephone on the baseband degree with no consumer interplay, and require solely that the attacker know the sufferer’s telephone quantity.
“With restricted further analysis and improvement, we consider that expert attackers would be capable to shortly create an operational exploit to compromise affected units silently and remotely.”
The 4 vital vulnerabilities are CVE-2023-24033 and three different vulnerabilities which have but to be assigned CVE-IDs.
There are one other fourteen much less critical bugs, CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076 and 9 different vulnerabilities which might be but to be assigned CVE-IDs.
Affected telephones embrace Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 mobiles; Vivo S16, S15, S6, X70, X60 and X30 sequence mobiles; Google’s Pixel 6 and Pixel 7 sequence; together with any wearables that use the Exynos W920 chipset; and any autos that use the Exynos Auto T5123 chipset.
Samsung is but to ship up to date firmware, and so far, has only disclosed the 5 much less critical vulnerabilities.
