Google discovered dozens of Android devices can be compromised without any user interaction due to multiple zero-day vulnerabilities in Samsung's Exynos modems. The affected devices include smartphones, wearables, and even vehicles.
As TechCrunch reports, a total of 18 zero-day vulnerabilities were discovered by Google's Project Zero team of security analysts. Four of those are severe enough to allow for Internet-to-baseband remote code execution, which means an attacker only needs a victim's phone number to compromise their handset; no user interaction is necessary.
Tim Willis, head of Project Zero, explains in a blog post that, "With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely."
As the vulnerabilities are found in Exynos modems, dozens of devices are affected. Google provided the following list of products that can be compromised:
Google's own Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, and Pixel 7 Pro
Samsung devices in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series
Vivo devices in the S16, S15, S6, X70, X60 and X30 series
Any wearables using the Exynos W920 chipset
Any vehicles using the Exynos Auto T5123 chipset
Maddie Stone, a security researcher on the Project Zero team, confirmed in a tweet that Samsung was given 90 days to release a patch, but none has been forthcoming.
As there is such a wide range of devices impacted by these vulnerabilities, the patch timeline is going to vary. Google included a fix for Pixel devices in the March 2023 security update, but it needs to be installed, and some Pixel models are still waiting for it to arrive (Pixel 6, Pixel 6 Pro, and Pixel 6a).
If you own one of the affected devices and don't want to wait for a security patch, Google advises you to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in your device settings. It's also worth checking to see if your device has any updates waiting to be installed.
Regarding the other 14 zero-day exploits Project Zero found, Willis says they are, "not as severe, as they require either a malicious mobile network operator or an attacker with local access to the device." However, Samsung will still need to produce a patch to fix these security vulnerabilities as soon as possible.