A serious vulnerability in Samsung’s Exynos processors is being exploited by attackers to run code remotely, according to Google security experts.
The bug affects phones and smartwatches with Exynos processors 9820, 9825, 980, 990, 850 and W920 and has been given a severity rating of 8.1 on a 10-point scale, The Register reports.
This means affected devices include the Galaxy S10 series, Galaxy Note 10 series, Galaxy A51 and A71, Galaxy S20 series, Galaxy Note 20 series, Galaxy A21, Galaxy M13 and Galaxy M12.
For smartwatches, the Galaxy Watch 4 series, Galaxy Watch 5 series and Galaxy Watch FE are affected.
Hannah Cowton-Barnes / Foundry
Google experts have already seen the bug exploited in attacks where it is chained together with other vulnerabilities to run code on users’ phones. The bug is in the memory management and page mapping handling.
“This zero-day exploit is part of an EoP chain,” Google experts say. “The attacker can execute arbitrary code in a privileged camera server process and has also renamed the process name to ‘[email protected]’ to make tracking more difficult.”
Samsung has now started distributing security updates in its monthly security release and urges users to keep their devices updated. Find out how to update Android.
A Samsung spokesperson said “the company is committed to providing the highest level of security for its users and is aware of the vulnerability”.
This article originally appeared on our sister publication PC för Alla and was translated and adapted from Swedish.
Read the full article here
