Google security experts uncovered 18 zero-day vulnerabilities in Samsung Exynos processors used in various popular Android smartphones and wearables, which might compromise such devices.
In a blog post, Google Project Zero chief Tim Willis stated that four of the most serious of these vulnerabilities allowed for Internet-to-baseband remote code execution.
Project Zero tests verified that the four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user input and with only the victim’s phone number.
According to Google security experts, “we estimate that competent attackers would be able to swiftly design an operational exploit to compromise impacted devices discreetly and remotely” with minimum more research and development.
“Users who want to protect themselves against the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can switch off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings until security fixes are available,” Willis stated.
Turning off these options eliminates the danger of exploiting these vulnerabilities, he adds. Google anticipates that manufacturer-specific repair timings will vary, and impacted Pixel devices have already gotten a fix.
As always, we advise end users to update their hardware as soon as possible so that they are running the most recent releases that patch both publicly known and privately kept security flaws, according to Google.
Given Below are Some Adaptive Features of Google:- |