Some Samsung smartphones were reportedly carrying a high-severity vulnerability in their processors, allowing threat actors to escalate privileges and possibly drop malware on the devices.
Cybersecurity researchers from Google’s Threat Analysis Group (TAG) found the flaw and reported it to Samsung, which addressed the vulnerability on October 7, with a patch and a follow-up security advisory.
In the advisory, the flaw was described as a use-after-free vulnerability, tracked as CVE-2024-44068, with a severity score of 8.1 (high-severity), found in Samsung Exynos mobile processors versions 9820, 9825, 980, 990, 850, and W920.
Vulnerability chain
Samsung phones that are powered by these chips include parts of the S10 series, Note 10 and 10+, the S20 series, as well as Samsung Galaxy A51 5G and Samsung Galaxy A71 5G. The Exynos W920 is mainly used in wearable devices like Samsung's Galaxy Watch series.
TAG’s researchers suggested that the vulnerability is being exploited in the wild, as part of a larger chain that makes use of other bugs, as well.
"This 0-day exploit is part of an EoP chain," TAG said in its technical write-up. "The actor is able to execute arbitrary code in a privileged cameraserver process. The exploit also renamed the process name itself to 'vendor.samsung.hardware.camera.provider@3.0-service,' probably for anti-forensic purposes." There was no mention of other vulnerabilities exploited as part of the chain.
Google’s researchers did not discuss the identity of the miscreants abusing this flaw. However, it’s worth mentioning TAG usually tracks nation-states and state-sponsored threat actors, so it is safe to assume that this bug was abused by a similar team, too.
Nation-states usually engage in cyber-espionage and identity theft, so it is possible that whoever abused this flaw tried to drop an infostealer, or a tracker, onto a Samsung device.