web analytics

Samsung Patches Memory Address Randomization Bypass Flaw – Source: www.govinfosecurity.com

Rate this post

Source: www.govinfosecurity.com – Author: 1

Endpoint Security
,
Governance & Risk Management
,
Patch Management

Flaw Was Exploited in Chain of Zero-Days Used to Implant Commercial Spyware

Mihir Bagwe (MihirBagwe) •
May 22, 2023    

Samsung Patches Memory Address Randomization Bypass Flaw
Samsung headquarters in Suwon, a city in South Korea, in a 2017 photo (Image: Shutterstock)

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE.

The exploit chain took advantage of multiple zero-days, some of which Samsung, Google and chipmaker ARM have already fixed. Samsung this month is patching one of the remaining kernel information leak bugs used in the exploit chain. In an advisory, the company CVE-2023-21492. In an advisory, it said it is aware that “an exploit for this issue had existed in the wild.”

The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch affected Samsung-made Android devices and added the flaw to its Known Exploited Vulnerabilities Catalog.

The flaw allowed attackers to overcome Android’s address space layout randomization security feature that randomizes the location of system executables in memory. The randomization is a bid to stop buffer overflow attacks from being successful.

The flaw exploited by hackers was that Samsung printed kernel pointers in the log file. It is present in unpatched versions of Samsung Android 11, 12 and 13 devices.

Original Post URL: https://www.govinfosecurity.com/samsung-patches-memory-address-randomization-bypass-flaw-a-22139

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post