Google Uncovers 18 Zero-Day Vulnerabilities in Samsung’s Exynos Chipsets

The Project Zero team at Google has recently found and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are mainly used in:- 

Mobile devices Wearables Automobiles

Among the 18 zero-day vulnerabilities, four vulnerabilities were classified as the most serious, as they enabled remote code execution (RCE) over the internet to the baseband.

Project Zero researchers conducted tests that confirmed that the four vulnerabilities could be exploited remotely by an attacker in order to compromise a phone’s baseband without requiring any user interaction on the attacker’s part and with only the attacker knowing the victim’s phone number as the only condition.

In order to pull off the attack, all that is necessary is the victim’s phone number in order to get the job done. Moreover, it’s also possible for experienced attackers to effortlessly create exploits to remotely breach vulnerable devices without alerting the targets.

Affected Devices

Samsung Semiconductor announced in an advisory that these vulnerabilities affect Exynos chipsets, and the affected chipsets are primarily used in the following devices:-

Samsung Galaxy S22 Samsung Galaxy M33 Samsung Galaxy M13 Samsung Galaxy M12 Samsung Galaxy A71 Samsung Galaxy A53 Samsung Galaxy A33 Samsung Galaxy A21 Samsung Galaxy A13 Samsung Galaxy A12  Samsung Galaxy A04 Vivo S16 Vivo S15 Vivo S6 Vivo X70 Vivo X60  Vivo X30 Google Pixel 6 series Google Pixel 7 series Wearables using the Exynos W920 chipset Vehicles using the Exynos Auto T5123 chipset Patch Timelines

The patch timeline will completely vary

Read more

Explore the site

More from the blog

Latest News