The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of an active exploitation of a medium-severity vulnerability affecting Samsung devices.
The vulnerability, tracked as CVE-2023-21492 (CVSS score: 4.4), affects select Samsung devices running Android versions 11, 12, and 13.
The South Korean company described the issue as an information disclosure flaw that could be used by a privileged attacker to bypass Address Space Layout Randomization (ASLR) protections.
ASLR is a security technology designed to prevent memory corruption and code execution failures by hiding the location of an executable in the device’s memory.
“It was notified that an exploit for this issue existed,” Samsung said in a notice published this month, adding that it was privately disclosed to the company on January 17, 2023.
No further details of how the vulnerability was exploited are currently known, but in the past commercial spyware vendors have used vulnerabilities in Samsung phones to deploy malicious software.
In August 2020, Google Project Zero also demonstrated a clickless remote MMS attack, which used two buffer overwrites in the Quram qmg library (SVE-2020-16747 and SVE-2020-17675) to defeat ASLR and gain code execution. Exploited weaknesses.
In light of active abuse, CISA added two Cisco IOS vulnerabilities (CVE-2004-1464 and CVE-2016-6415) to the reduction in its Known Exploited Vulnerabilities (KEV) list, with branch agencies from the Federal Civil Executive (FCEB) requested. To apply the patch before June 9, 2023.
Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest of which is a 13-year-old bug affecting Linux (CVE-2010-3904) that could allow a non-privileged local attacker to gain root privileges. gives.
