A critical vulnerability in Samsung’s Exynos processors is being exploited by attackers to run code remotely, based on Google safety specialists.
The bug impacts telephones and smartwatches with Exynos processors 9820, 9825, 980, 990, 850 and W920 and has been given a severity score of 8.1 on a 10-point scale, The Register stories.
This implies affected units embrace the Galaxy S10 sequence, Galaxy Word 10 sequence, Galaxy A51 and A71, Galaxy S20 sequence, Galaxy Word 20 sequence, Galaxy A21, Galaxy M13 and Galaxy M12.
For smartwatches, the Galaxy Watch 4 sequence, Galaxy Watch 5 sequence and Galaxy Watch FE are affected.
Hannah Cowton-Barnes / Foundry
Google specialists have already seen the bug exploited in assaults the place it’s chained along with different vulnerabilities to run code on customers’ telephones. The bug is within the reminiscence administration and web page mapping dealing with.
“This zero-day exploit is a part of an EoP chain,” Google specialists say. “The attacker can execute arbitrary code in a privileged digital camera server course of and has additionally renamed the method title to ‘vendor.samsung.{hardware}.digital [email protected]’ to make monitoring harder.”
Samsung has now began distributing safety updates in its month-to-month safety launch and urges customers to maintain their units up to date. Learn the way to replace Android.
A Samsung spokesperson mentioned “the corporate is dedicated to offering the best stage of safety for its customers and is conscious of the vulnerability”.
This text initially appeared on our sister publication PC för Alla and was translated and tailored from Swedish.
