A severe vulnerability in Samsung's Exynos processors is being exploited by attackers to run code remotely, according to Google security experts.
The bug affects phones and smartwatches with Exynos processors 9820, 9825, 980, 990, 850 and W920 and has been given a severity rating of 8.1 on a 10-point scale, The Register reports.
This means affected devices include the Galaxy S10 series, Galaxy Note 10 series, Galaxy A51 and A71, Galaxy S20 series, Galaxy Note 20 series, Galaxy A21, Galaxy M13 and Galaxy M12.
For smartwatches, the Galaxy Watch 4 series, Galaxy Watch 5 series and Galaxy Watch FE are affected.
Google experts have already seen the bug exploited in attacks where it is chained together with other vulnerabilities to run code on users' phones. The bug is in the memory management and page mapping handling.
“This zero-day exploit is part of an EoP chain,” Google experts say. “The attacker can execute arbitrary code in a privileged camera server process and has also renamed the process name to ‘vendor.samsung.hardware.camera.provider@3.0-service’ to make tracking harder.”
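A defender-side check for the renaming described in the quote above, as an added example that is not code from Google's report or from Samsung: it walks a `/proc` tree (live on a device with root access, or an extracted snapshot) and reports processes whose argv[0] claims the quoted service name while the `exe` link points at a different binary. It assumes the rename is visible in `/proc/<pid>/cmdline` and that the genuine service binary carries the same file name; both are assumptions of this example.

```python
import os

# Process name quoted in the report above. Assumption of this example: the
# genuine camera provider service runs from a binary with this same file name.
WATCHED = "vendor.samsung.hardware.camera.provider@3.0-service"

def claimed_name(proc_dir):
    """Basename of argv[0] from <proc_dir>/cmdline, or '' if unreadable/empty."""
    try:
        with open(os.path.join(proc_dir, "cmdline"), "rb") as f:
            argv0 = f.read().split(b"\0", 1)[0]  # arguments are NUL-separated
    except OSError:
        return ""
    return os.path.basename(argv0.decode("utf-8", "replace"))

def real_binary(proc_dir):
    """Basename of the exe symlink target, or None if it cannot be read."""
    try:
        target = os.readlink(os.path.join(proc_dir, "exe"))
    except OSError:
        return None  # no permission, kernel thread, or process already gone
    if target.endswith(" (deleted)"):  # kernel suffix for unlinked binaries
        target = target[: -len(" (deleted)")]
    return os.path.basename(target)

def find_renamed(proc_root="/proc", watched=WATCHED):
    """Return [(pid, exe basename or None)] for processes that claim
    `watched` in argv[0] but are backed by a different binary."""
    hits = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():  # skip non-process entries such as "self"
            continue
        proc_dir = os.path.join(proc_root, entry)
        if claimed_name(proc_dir) != watched:
            continue
        exe = real_binary(proc_dir)
        if exe != watched:  # None means the binary could not be verified
            hits.append((int(entry), exe))
    return hits

if __name__ == "__main__":
    for pid, exe in find_renamed():
        print(f"pid {pid}: claims {WATCHED} but exe is {exe}")
```

A result with `None` as the binary means the `exe` link could not be read, so the claim is unverified rather than confirmed as a mismatch.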
Samsung has now started distributing security updates in its monthly security release and urges users to keep their devices updated.
A Samsung spokesperson said “the company is committed to providing the highest level of security for its users and is aware of the vulnerability”.
This article originally appeared on our sister publication PC för Alla and was translated and adapted from Swedish.