ATTENTION: BE CAREFUL IF YOUR SMARTPHONE IS IN THIS LIST!

Project Zero, Google’s security research team, has discovered and reported 18 vulnerabilities in Samsung’s Exynos chips used in mobile devices, wearables, and even cars. Security flaws were reported between late 2022 and early 2023. Four of the eighteen were identified as the most critical, as they allow remote code execution over the Internet. The fact is that smartphones that use this chipset are at risk until updates are installed. So if your smartphone is on this list, beware!

ATTENTION: BE CAREFUL IF YOUR SMARTPHONE IS IN THIS LIST!

These remote code execution errors allow attackers to remotely compromise vulnerable devices without any user interaction. In other words, a real risk.

Worst of all, the only information needed for the attacks to succeed is the victim’s phone number, according to Tim Willis, who is in charge of Project Zero.

To make matters worse, with minimal additional research, sophisticated attackers can easily create an application capable of remotely infiltrating vulnerable devices without drawing the attention of targets.

The remaining 14 flaws (including CVE-2023-24072, CVE-2023-24073, CVE-2023-24074, CVE-2023-24075, CVE-2023-24076, and nine more are pending CVE IDs) are not critical but still Poses a threat. Successful exploitation requires local access or the malicious mobile network operator.

Based on the list of affected chipsets provided by Samsung, the list of affected devices includes:

• Smartphones from the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 ranges smartphones;
• smartphones from Vivo’s ranges, including the S16, S15, S6, X70, X60, and X30 series;
• Google Pixel 6 and Pixel 7 smartphones;
• Which wearable device uses Exynos W920 chipset
• Cars using Exynos Auto T5123 chipset.

although samsung It has already provided security updates for these vulnerabilities in the affected chipsets to other vendors, and the patches are not public. Therefore, it cannot be applied by all affected users.

Each device manufacturer’s timeline will be different, but for example, Google has already addressed CVE-2023-24033 for affected Pixel devices in the March 2023 security updates.

However, until patches are available, users can thwart attack attempts by disabling Wi-Fi calling and VoLTE (VoLTE). So you are no longer in danger.