The modems used in the Samsung Exynos package have a series of very bad 0-day vulnerabilities.
They allow a remote attacker to gain access to the device by only knowing the phone number.
Due to the severity of the flaw, the amount of time it is taking to patch it, and how quickly Google believes a malicious actor could develop an exploit for it, they have forgone their normal 90-day publishing cycle for the issue, despite the fact that 90 days have long since passed.
A small list of affected devices:
- Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
- The Pixel 6 and Pixel 7 series of devices from Google
- Any vehicles that use the Exynos Auto T5123 chipset
Such fun times...
Samsung also confirmed Project Zero's workaround, saying that "users can disable WiFi calling and VoLTE to mitigate the impact of this vulnerability."