Google project Zero security team find 18 active vulnerabilities on 12 smartphones due to Exynos Modem : Here’s everything you need to know

Security
By Estuti Bajpai

Have you been also hearing cases like someone’s device has been hacked without any user interaction? Well, the cases have been increasing day by day and it confused many users how is this even possible? We finally have got the answers to these questions as Google’s Project Zero security team has found about 18 active vulnerabilities in Samsung’s Exynos Modem.

The security flaws of this modem have been reported between the end of 2022 and the start of 2023 and as per the security team, among these 18 active vulnerabilities, four were identified as the most serious ones as they enable remote code execution from the Internet to baseband. These include CVE-2023 – 24033 including three others.

As per the list of affected chipsets, a list of 12 affected smartphones has been found:

  • Galaxy M33
  • Galaxy A53
  • Galaxy A33
  • Galaxy A21
  • Galaxy A13
  • Galaxy A12
  • Galaxy M12
  • Galaxy M13
  • Galaxy A04
  • Pixel 6A
  • Pixel 6
  • Pixel 6 Pro

The bugs found out by the security team allow hackers to access your device by using just your phone number. Not only this, experienced attackers with minimal additional research could easily create an exploit cable of remotely compromising vulnerable devices without catching the user’s attention. Well, this definitely is a worrying situation for the users.

Considering the 4 serious bugs, Tim Willis, Head of Project Zero said,” Due to a very rare combination of the level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution .” Though he mentioned that the remaining 14 bugs are not critical but still pose a risk.

Also, the users of the above devices are advised to disable Wi-Fi calling and VoLTE to mitigate the impact of this vulnerability and also to keep their devices updated to the latest builds to save them from security vulnerabilities. Though these are just remedial solutions and a new security patch can fix these issues.

Google has already addressed CVE-2023-24033 for impacted Pixel devices in their March 2023 security updates.

Source

 


Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
You might also like More from author

Advertisement

If you think there is an error in reporting or we missed something, please report it to us via [email protected] or you can visit our news correction policy page.

 

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More