Samsung Users, Keep Your Eyes On The Software Update Section Of Your Phone

The Thing About Zero Days Is That The Patch Always Comes Later
Those who use Samsung phones should be cautious over the next few days, until Google can create a fix for yet anther new exploit. The problem is in the hardware and can be used to first escalate privileges and then remotely execute arbitrary code on your phone. While the official CVE doesn’t suggest it is being actively exploited, several researchers at Google have made use of it already, adding it to an attack making use of several other flaws. While those particular flaws aren’t mentioned the context suggests they are already known and patched. Check to see if you have any outstanding updates and check it frequently until this new patch is released.
This 8.1 out of 10 CVSS uses a flaw in memory management and how the device sets up page mapping, allowing an attacker to launch code from within the privileged cameraserver process. To make life more difficult, once the modified code manages to make itself at home, it renames itself to the valid vendor.samsung.hardware.camera.provider@3.0-service. So far no official word from Google nor Samsung apart from the CVE, hopefully that will change soon!
The Register reached out to Samsung for more information about the flaw and in-the-wild exploits, but did not immediately receive a response. We will update this story when we hear back.
More Tech News From Around The Web
- Mandiant says new Fortinet flaw has been exploited since June @ Bleeping Computer
- IPv6 may already be irrelevant – but so is moving off IPv4, argues APNIC’s chief scientist @ The Register
- Cable companies ask 5th Circuit to block FTC’s click-to-cancel rule @ Ars Technica
- Adobe Made Its Painting App Completely Free To Take On Procreate @ Slashdot
- Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2 @ Bleeping Computer
- LinkedIn Fined More Than $300 Million in Ireland Over Personal Data Processing @ Slashdot
- Linus Torvalds affirms expulsion of Russian maintainers @ The Register