web analytics

Warning: Samsung Devices Under Attack! New Security Flaw Exposed – Source:thehackernews.com

Rate this post

Source: thehackernews.com – Author: .

May 20, 2023Ravie LakshmananMobile Security / Cyber Attack

Samsung

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a medium-severity flaw affecting Samsung devices.

The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13.

The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization (ASLR) protections.

ASLR is a security technique that’s designed to thwart memory corruption and code execution flaws by obscuring the location of an executable in a device’s memory.

Samsung, in an advisory released this month, said it was “notified that an exploit for this issue had existed in the wild,” adding it was privately disclosed to the company on January 17, 2023.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

Other details about how the flaw is being exploited are currently not known, but vulnerabilities in Samsung phones have been weaponized by commercial spyware vendors in the past to deploy malicious software.

Back in August 2020, Google Project Zero also demonstrated a remote zero-click MMS attack that leveraged two buffer overwrite flaws in the Quram qmg library (SVE-2020-16747 and SVE-2020-17675) to defeat ASLR and achieve code execution.

In light of active abuse, CISA has added the shortcoming to its Known Exploited Vulnerabilities (KEV) catalog, alongside two Cisco IOS flaws (CVE-2004-1464 and CVE-2016-6415), urging Federal Civilian Executive Branch (FCEB) agencies to apply patches by June 9, 2023.

Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest of which is a 13-year-old bug impacting Linux (CVE-2010-3904) that allows an unprivileged local attacker can escalate their privileges to root.

Update

A tracking spreadsheet maintained by Google Project Zero documenting known cases of detected zero-day exploits shows that the Samsung security vulnerability was discovered by Clement Lecigne of the Google Threat Analysis Group (TAG), indicating likely abuse in connection with a spyware campaign.


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Original Post url: https://thehackernews.com/2023/05/samsung-devices-under-active.html

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post