Warning to Users of Samsung Smartphones Regarding Actively Exploited Vulnerability
Users of Samsung smartphones have been alerted to CVE-2023-21492, an ASLR bypass vulnerability that has been publicly exploited, most likely by a spyware vendor.
Samsung smartphone customers have been alerted about an exploitable vulnerability recently addressed by the vendor and the US Cybersecurity and Infrastructure Security Agency (CISA).
The vulnerability in question is CVE-2023-21492, and it affects log files by exposing kernel pointers. A privileged local attacker may be able to get around the ASLR exploit mitigation mechanism thanks to the security flaw. This suggests that it was probably linked together with additional bugs.
With their May 2023 security updates, Samsung released a fix for CVE-2023-21492, claiming to have discovered the problem in the middle of January. According to the company, some Android 11, 12, and 13 smartphones are affected.
Our Readers ALSO READGoogle’s Open-Source Bazel Plugin Enhances Container Image Security
On Friday, CISA added the flaw to its “Known Exploited Vulnerabilities” (KEV) list, directing government organizations to fix it by June 9.
Since Google’s Threat Analysis Group found the flaw, it is likely that a commercial spyware vendor has already taken advantage of it. Google highlighted that CVE-2023-21492 was found in 2021 in its database of zero-day exploits.
Recent Google reports detail hacking activities by threat actors connected to spyware suppliers against Samsung cellphones using a variety of zero-day and n-day vulnerabilities.
Attackers attempted to utilize the Samsung Internet Browser in one such scheme, which was found in December 2022, to spread Android spyware to customers in the United Arab Emirates. The internet behemoth connected the attacks to Variston, a Spanish seller of commercial spyware.
A spyware vendor has taken use of many Samsung phone vulnerabilities with a 2021 CVE identifier while they were still in the “zero-day” stage, according to information released by Google. The business is aware of nine Samsung flaws that were found in 2021 and used in assaults.
Two Cisco IOS vulnerabilities were also added by CISA on Friday to its KEV database. CVE-2016-6415 is one of them; it was discovered in 2016 as a result of Shadow Brokers’ releases.
A very ancient DoS vulnerability, CVE-2004-1464, is the second. When Cisco published updates in 2004, it provided consumers with warnings regarding the vulnerability.