Flaws in several Samsung mobile devices may have been exploited by spyware vendors, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.
The agency recently added eight new vulnerabilities to its system List of known exploited vulnerabilitiessix of which are linked to Samsung mobile devices, and there is evidence that they have been widely exploited.
Although Samsung has fixed all of these flaws in 2021, the South Korean company has not said anything about CISA’s newly disclosed news that these flaws were exploited.
Google joins the fight
These vulnerabilities include CVE-2021-25487, which could be exploited to execute arbitrary code, and was fixed by Samsung in October 2021, and CVE-2021-25371, which allowed attackers to load arbitrary ELF files inside DSP drivers, and was fixed in 2021 March fix.
The electronics giant rated both as moderately severe, though visceral vascular disease The former is indeed classified as high according to the CVSS score.
Samsung and CISA also brought to the public’s attention another vulnerability, tracked as CVE-2023-21492, that could allow a privileged local attacker to bypass ASLR mitigations. Samsung also fixed the issue in May of this year.
However, the Google researchers who discovered the bug claim that it has been known since 2021. In November 2022, Google also found more evidence that the spyware vendor exploited known vulnerabilities in Samsung mobile devices from 2021.
It appears that CISA and Google have been going after the same spyware vendor, emphasizing the importance of patching the software as soon as possible to avoid succumbing to malicious attacks and malware.
More recently, it’s not just Samsung devices that have been targeted by threat actors, but entire Android devices as well. For example, fake and dangerous apps on the Google Play Store seem to be gaining popularity, resulting in more and more victims.
To further protect your smart device, you can use the best Android antivirus app, or, if you really care about maintaining your privacy and security, you might want to consider purchasing one of the most secure smartphones.