Samsung Users, Keep Your Eyes On The Software Update Section Of Your Phone

The Thing About Zero Days Is That The Patch Always Comes Later

Those who use Samsung phones should be cautious over the next few days, until Google can create a fix for yet anther new exploit.  The problem is in the hardware and can be used to first escalate privileges and then remotely execute arbitrary code on your phone.  While the official CVE doesn’t suggest it is being actively exploited, several researchers at Google have made use of it already, adding it to an attack making use of several other flaws.  While those particular flaws aren’t mentioned the context suggests they are already known and patched.  Check to see if you have any outstanding updates and check it frequently until this new patch is released.

This 8.1 out of 10 CVSS uses a flaw in memory management and how the device sets up page mapping, allowing an attacker to launch code from within the privileged cameraserver process.  To make life more difficult, once the modified code manages to make itself at home, it renames itself to the valid vendor.samsung.hardware.camera.provider@3.0-service.  So far no official word from Google nor Samsung apart from the CVE, hopefully that will change soon!