Some Samsung smartphones, powered by the company’s Exynos chipsets, have a high-severity security flaw. The vulnerability can allow threat actors to gain elevated access privileges and embed malware.
Samsung smartphones with certain Exynos SoCs have a security flaw
Samsung designs and builds its own Exynos SoC (System on a Chip). These chipsets usually power entry-level and mid-range Android smartphones. Some Exynos chipsets are also embedded in wearable devices.
Cybersecurity researchers from Google’s Threat Analysis Group (TAG) have reportedly discovered a security flaw inside some of the Exynos chips. The advisory about the vulnerability mentions it is being tracked as CVE-2024-44068. It has a severity rating of 8.1, which translates to “high severity”.
Specifically, Samsung Exynos mobile processors versions 9820, 9825, 980, 990, 850, and W920 are impacted. Attempting to explain the security flaw TAG stated, “This 0-day exploit is part of an EoP chain. The actor can execute arbitrary code in a privileged camera-server process. The exploit also renamed the process ‘[email protected],’ probably for anti-forensic purposes.”
How to stay safe from this security vulnerability
As stated by Google’s research team, the Samsung Exynos chipsets suffer from a “0-day” exploit. Moreover, the researchers have cautioned the vulnerability is being exploited in the wild. If that’s not concerning enough, attackers may club this flaw with other attacks.
The impacted Samsung Exynos chipsets are powering the Galaxy S10 series, the Galaxy Note 10 and 10+, the Galaxy S20 series, as well as the Samsung Galaxy A51 5G and Samsung Galaxy A71 5G smartphones. In the wearable space, the Exynos W920 is embedded inside a few Samsung Galaxy Watches.
Google’s TAG security team alerted Samsung about the vulnerability earlier this year. Samsung addressed the vulnerability on October 7 with a patch. The tech giant even issued a security advisory. To stay protected from this security flaw, Samsung Galaxy smartphone, and Galaxy Watch users must install the latest security updates.
