Serious security vulnerability in Samsung's Exynos chip at risk of exploitation.
Google's Threat Analysis Group (TAG) has just discovered a serious security vulnerability in some Samsung Exynos chips that could allow hackers to attack and take control of the device.
The CVE-2024-44068 vulnerability was found on Exynos 9820, 9825, 980, 990, 850 and W920 chips, affecting many Samsung phone models, including the Galaxy S10, Note 10, S20, A51 5G, A71 5G series and even the Galaxy Watch smartwatch.
Many phones running Samsung's Exynos chips contain dangerous vulnerabilities.
According to TAG, the vulnerability is being exploited in the wild as part of a privilege escalation attack chain, allowing hackers to execute malicious code on the device.
Hackers can use the vulnerability to install spyware, steal personal information, or take complete control of the device.
TAG is often focused on tracking state-backed hacker groups, so it's likely that this vulnerability is being exploited by similar groups for cyber espionage and identity theft purposes.
Samsung released a security patch on October 7 to fix the vulnerability.
Users of affected devices are advised to update to the latest software version to stay safe.
This discovery once again emphasizes the importance of regular software updates to protect devices from cybersecurity threats.
Users should also be cautious when installing applications and accessing links from unknown sources to avoid being attacked.
Last month, the US government ordered all federal employees using Pixel phones to install the latest security update by July 4 or stop using the devices.
That order stemmed from a list of known vulnerabilities being exploited, specifically “CVE-2024-32896.”
Not only Galaxy smartphones but also all other Android phones have yet to patch the CVE-2024-32896 vulnerability.
Exploiting the CVE-2024-32896 vulnerability could allow an attacker to escalate privileges, allowing them to use the application to access and collect data that would not normally be accessible to a bad actor. It could also allow an attacker to perform unauthorized actions that would normally be reserved for a higher-privileged user. It is a serious issue and a zero-day vulnerability, meaning there was no patch or fix available at the time of discovery.
Google has announced that CVE-2024-32896 affects not only Pixel devices, but also Samsung Galaxy devices and all other Android phones. Although Samsung has released the July security update for its Galaxy phones, it does not include a patch for CVE-2024-32896. Furthermore, other Android smartphones have not yet been patched, with the sole exception being the Pixel phones.
Google acknowledged that the bug has yet to be patched outside of Pixel devices, and said the company will prioritize fixes for Android OEM partners so they are ready to deploy when available.