Information Security News | Cyber Security | Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper | Infosec Articles | Hacking News
Tue, 31 Oct 2023 00:15:26 +0000

The Art of Interception: Active and Passive Surveillance in Mobile Signaling Networks
https://www.securitynewspaper.com/2023/10/30/the-art-of-interception-active-and-passive-surveillance-in-mobile-signaling-networks/
Tue, 31 Oct 2023 00:15:24 +0000

Mobile network data may be one of the most recent and thorough dossiers kept on us. Our phones are linked to these networks and expose our demographics, social circles, purchasing habits, sleeping patterns, where we live and work, and our travel history. Technical weaknesses in mobile communications networks put this aggregate data at risk. Such vulnerabilities may reveal private information to many different players and are closely tied to how mobile phones roam between carriers when their owners travel. They usually involve the signalling messages carried across telecommunications networks, which expose phones to location disclosure.

Telecommunications networks use private, open signalling links. These connections enable local and international roaming, allowing mobile phones to switch networks seamlessly. The same signalling protocols let networks obtain user information: whether a number is active, which services are available, which national network it is registered to, and where it is located. Surveillance actors continually target and exploit these connections and protocols, exposing our phones to several location disclosure techniques.

Most illegal network-based location disclosure is possible because mobile telecommunications networks interconnect. Foreign intelligence and security agencies, commercial intelligence businesses, and law enforcement routinely want location data, and law enforcement and intelligence agencies may obtain geolocation information covertly using tactics similar to those employed by criminals. The report refers to all of these players as ‘surveillance actors’, since all of them are interested in mobile geolocation surveillance.

Despite worldwide 4G adoption and a fast-growing 5G footprint, many mobile devices and their owners still use 3G networks. The GSMA, which provides mobile industry information, services, and rules, reports 55% 3G subscriber penetration in Eastern Europe, the Middle East, and Sub-Saharan Africa. The UK-based mobile market intelligence company Mobilesquared estimates that only 25% of mobile network operators globally had deployed a signalling firewall to prevent geolocation spying by the end of 2021. Telecom insiders know that the vulnerabilities in the SS7 signalling protocol used for 3G roaming have given commercial surveillance products anonymity, multiple access points and attack vectors, a ubiquitous and globally accessible network with an unlimited list of targets, and virtually no financial or legal risk.

The Citizen Lab research focuses on geolocation risks arising from attacks on mobile signalling networks. Active or passive surveillance may reveal a user’s position through these networks, using a number of different strategies.

The two methods differ significantly. Active surveillance uses software to trigger a mobile network response containing the target phone’s position, whereas passive surveillance uses a collection device to retrieve phone locations directly from the network. In an active attack, an adversarial network uses software to send forged signalling messages to susceptible target mobile networks in order to query and retrieve the target phone’s geolocation. Such attacks are possible on networks without properly implemented or configured security safeguards. Unless they can install or access passive collection devices in global networks, an actor leasing a network can only use active surveillance tactics.

However, mobile operators and others may be compelled to conduct active and passive monitoring. In this case, the network operator may be legally required to allow monitoring, or may face a hostile insider accessing mobile networks unlawfully. A third party might also gain access to the operator or provider by compromising VPN access to the targeted network systems, allowing them to gather both active and passive user location information.

The report primarily discusses geolocation threats in mobile signaling networks. These threats involve surveillance actors using either active or passive methods to determine a user’s location.

Active Surveillance:

  • In active surveillance, actors use software to interact with mobile networks and get a response with the target phone’s location.
  • Vulnerable networks without proper security controls are susceptible to active attacks.
  • Actors can access networks through lease arrangements to carry out active surveillance.

Passive Surveillance:

  • In passive surveillance, a collection device is used to obtain phone locations directly from the network.
  • Surveillance actors might combine active and passive methods to access location information.

Active Attacks:

  • Actors use software to send crafted signaling messages to target mobile networks to obtain geolocation information.
  • They gain access to networks through commercial arrangements with mobile operators or other service providers connected to the global network.

Vulnerabilities in Home Location Register (HLR) Lookup:

  • Commercial HLR lookup services can be used to check the status of mobile phone numbers.
  • Surveillance actors can pay for these services to gather information about the target phone’s location, country, and network.
  • Actors with access to the SS7 network can perform HLR lookups without intermediary services.

Domestic Threats:

  • Domestic location disclosure threats are concerning when third parties are authorized by mobile operators to connect to their network.
  • Inadequate configuration of signaling firewalls can allow attacks originating from within the same network to go undetected.
  • In some cases, law enforcement or state institutions may exploit vulnerabilities in telecommunications networks.

Passive Attacks:

  • Passive location attacks involve collecting usage or location data using network-installed devices.
  • Signaling probes and monitoring tools capture network traffic for operational and surveillance purposes.
  • Surveillance actors can use these devices to track mobile phone locations, even without active calls or data sessions.

Packet Capture Examples of Location Monitoring:

  • Packet captures show examples of signaling messages used for location tracking.
  • Location information, such as GPS coordinates and cell information, can be exposed through these messages.
  • User data sessions can reveal information like IMSI, MSISDN, and IMEI, allowing for user tracking.

The report highlights the various methods and vulnerabilities that surveillance actors can exploit to obtain the geolocation of mobile users, both domestically and internationally. Based on past, present, and future mobile network security evaluations, geolocation monitoring should continue to alarm the public and policymakers. Exploitable vulnerabilities in 3G, 4G, and 5G network designs are expected to persist without mandated transparency that exposes poor practices and accountability mechanisms that require operators to fix them. All three network generations give surveillance actors more possibilities. As long as nation states and organised crime groups can actively monitor mobile phone locations domestically or abroad, such vulnerabilities will continue to threaten at-risk groups, corporate staff, military personnel, and government officials.

The post The Art of Interception :Active and Passive Surveillance in Mobile Signaling Networks appeared first on Information Security Newspaper | Hacking News.

This zero day vulnerability could be used to hack into iPhone, Android, Chrome and many other software
https://www.securitynewspaper.com/2023/09/27/this-zero-day-vulnerability-could-you-used-to-hack-into-iphone-android-chrome-and-many-other-software/
Wed, 27 Sep 2023 18:32:49 +0000

Google has assigned a new CVE number to a major security vulnerability discovered in the libwebp image library, which is used to render images in the WebP format. The flaw has been exploited in the wild. Google had earlier addressed a major vulnerability in Google Chrome for Windows, macOS, and Linux with a security update; that flaw was assigned CVE-2023-4863 and rated with a severity of 8.8 (High).

Analysis of the vulnerability found that libwebp contained a heap buffer overflow, which allows a threat actor to perform an out-of-bounds memory write by triggering the issue with a crafted HTML page.

Google has since reported the flaw again under a second identifier, CVE-2023-5129, which is now being tracked. Further investigation showed that the vulnerability known as CVE-2023-41064 also affected the same libwebp library. This follows fixes from Apple, Google, and Mozilla for a flaw that may allow arbitrary code execution when processing a specially crafted image, tracked separately as CVE-2023-41064 and CVE-2023-4863. Arbitrary code execution could lead to a security breach. Both identifiers are likely fixes for the same underlying issue in the library. According to Citizen Lab, CVE-2023-41064 was chained with CVE-2023-41061 in a zero-click iMessage exploit chain named BLASTPASS to deliver the Pegasus mercenary spyware. No further technical details are available at this time.

But the decision to “wrongly scope” CVE-2023-4863 as a Google Chrome vulnerability obscured the fact that it also affects practically every other program that depends on libwebp to handle WebP images, a far wider impact than originally assumed. CVE-2023-4863 was discovered by Google security researchers and is tracked under that CVE identifier.

An investigation carried out by Rezilion over the past week has produced a comprehensive list of widely used software programs, code libraries, frameworks, and operating systems that are susceptible to CVE-2023-4863.

Additionally, the same security researcher reported both CVE-2023-41064 and CVE-2023-4863, which indicates that the researcher brought the issue to the attention of both firms, leading to the creation of two distinct CVEs.

Hacking Atlassian Bitbucket & Confluence Data Center with a vulnerability
https://www.securitynewspaper.com/2023/09/20/hacking-atlassian-bitbucket-confluence-data-with-a-vulnerability/
Wed, 20 Sep 2023 20:39:21 +0000

Atlassian’s Bitbucket and Confluence are prominent collaboration tools used by many developers and teams worldwide. Like any widely deployed platform, they are not immune to risk, and several high-severity vulnerabilities have recently emerged, causing concern across the Atlassian community.

The vulnerability in Bitbucket Data Center and Server, CVE-2023-22513, is rated high severity with a CVSS score of 8.5. It allows Remote Code Execution (RCE) and has been present since version 8.0.0.

An authenticated attacker who exploits this vulnerability can execute arbitrary code, with potentially severe consequences: it affects confidentiality, integrity, and availability, and requires no user interaction.

The flaw was reported by an individual researcher through Atlassian’s Bug Bounty program.

Atlassian strongly recommends that customers update to the latest version. If that is not possible, upgrade your instance to one of the officially designated fixed versions.

CVE-2023-22512 is a Denial of Service (DoS) vulnerability in Confluence Data Center and Server, present since version 5.6. With a CVSS score of 7.5, it does not compromise the confidentiality or integrity of the system, but it targets availability.

An unauthenticated attacker can exploit it to disrupt a network-connected Confluence instance, either temporarily or permanently, by exhausting its available resources.

Once again, the vulnerability was identified and reported by a participant in the Bug Bounty program.

Atlassian recommends that Confluence users upgrade to the latest version promptly. If that is not possible, update your instance to one of the officially approved fixed versions.

Easily get root user privileges in Linux 6.3.1 using this vulnerability via exploit code
https://www.securitynewspaper.com/2023/05/10/easily-get-root-user-privileges-in-linux-6-3-1-using-this-vulnerability-via-exploit-code/
Wed, 10 May 2023 15:11:00 +0000

The Linux kernel is the core of the Linux operating system: it manages system resources, delivers essential services, and keeps the system stable. Any vulnerability inside the kernel can therefore have major consequences for the security and integrity of the whole system. A major security flaw, CVE-2023-32233, has been found in the kernel. It allows locally authenticated users to escalate their privileges: a local attacker can obtain root privileges by submitting a specially crafted request, thanks to a use-after-free flaw in Netfilter nf_tables while processing batch requests. Netfilter nf_tables is the kernel subsystem that manages firewall rule configuration, and the flaw arises because nf_tables accepts certain invalid updates to its configuration.

Security researchers Piotr Krysiuk and Piotr Krysiuk found the vulnerability and developed an exploit for it, which lets local users without administrative privileges obtain a root shell. The exploit was shared privately with the Linux kernel security developers to help them develop a fix.

An adversary can exploit this vulnerability by constructing a malformed batch request containing operations that corrupt the internal state of Netfilter nf_tables. This allows the attacker to obtain root access to the system.

A patch is now available in the mainline kernel git repository. Administrators and users are strongly encouraged to apply it as soon as possible to protect their systems from exploitation.

The issue has been reproduced on multiple Linux kernel versions, including the most recent stable release, Linux 6.3.1. Left unfixed, it could be used by hostile actors to gain unauthorized, privileged access to the system, compromising sensitive data and causing serious disruption.

Anyone can hack into VMware Aria Log Operations servers using these vulnerabilities
https://www.securitynewspaper.com/2023/04/20/anyone-can-hack-into-vmware-aria-log-operations-servers-using-these-vulnerabilities/
Thu, 20 Apr 2023 22:37:47 +0000

On Thursday, VMware issued urgent fixes for serious security flaws in the VMware Aria Operations for Logs product line (formerly vRealize Log Insight) and warned of the potential for pre-authentication remote root attacks. VMware’s critical-level advisory details two vulnerabilities in the package (CVE-2023-20864 and CVE-2023-20865) and gives guidance to help organizations mitigate them.

CVE-2023-20864 (CVSS Score: 9.8): Deserialization Vulnerability
VMware Aria Operations for Logs contains a deserialization vulnerability that can be exploited by unauthenticated hostile actors: an unauthenticated attacker with network access to VMware Aria Operations for Logs could execute arbitrary code as root, compromising the security and integrity of the system.

VMware’s fix for this problem is included in Aria Operations for Logs version 8.12. There are no known workarounds for this vulnerability.

CVE-2023-20865 (CVSS Score: 7.2): Command Injection Vulnerability
A command injection vulnerability was found in VMware Aria Operations for Logs that can be exploited by hostile actors with administrator rights. An adversary with administrative rights can execute arbitrary commands as root, which might give them unauthorized access to sensitive data or let them damage the system.

VMware has fixed this problem in version 8.12 of Aria Operations for Logs, reducing the risk it poses. There are no known workarounds for this vulnerability.

VMware has addressed both CVE-2023-20864 and CVE-2023-20865 in Aria Operations for Logs version 8.12, released in response to these findings. Users are urged to upgrade to this version as quickly as possible to protect their systems and data from exploitation.

Once again Hyundai and Toyota leak customer personal data
https://www.securitynewspaper.com/2023/04/12/one-again-hyundai-and-toyota-leak-customer-personal-data/
Wed, 12 Apr 2023 23:01:31 +0000

Hackers gained access to individuals’ personal information, Hyundai has announced, in a data breach affecting vehicle owners in Italy and France as well as people who had scheduled test drives with the automaker. According to Troy Hunt, the author of the website “HaveIBeenPwned,” the incident has exposed customers’ personal data.

The notification letter also makes clear that whoever breached Hyundai’s database did not take financial information or identification numbers. It is unknown how many Hyundai customers are affected, how long the network intrusion lasted, or which other countries may be at risk. Customers of the South Korean automaker are being warned to be wary of unsolicited emails and SMS messages purporting to come from the company, as these could be phishing or social engineering attempts. In response to the incident, Hyundai says it has engaged IT specialists, who have taken the affected systems offline while new security measures are put in place. In February 2023, the company released emergency software patches for several car models affected by a simple USB-cable hack that had allowed criminals to steal the vehicles.

Meanwhile, the Japanese automaker Toyota has admitted that customer data may have been exposed because of security failings at its Italian operation. For more than a year and a half, until this past March, Toyota Italy inadvertently exposed confidential information, specifically credentials for its Salesforce Marketing Cloud and Mapbox APIs. Threat actors could use these to obtain the phone numbers and email addresses of Toyota customers and then launch phishing attacks against them. According to the Cybernews research team, the company exposed credentials for Salesforce Marketing Cloud, a provider of digital marketing automation and analytics software and services. By abusing them, threat actors could access phone numbers and email addresses, customer tracking information, and the contents of email, SMS, and push-notification messages. Toyota Italy also exposed application programming interface (API) tokens for the mapping company Mapbox, which were used to access map data. Although this data is less sensitive than the Salesforce Marketing Cloud credentials, threat actors could still abuse the tokens to issue large numbers of queries and drive up Toyota’s API usage costs.

Toyota is not the only automaker to have recently exposed itself and its customers in Italy. In January of this year, the Indian branch of Toyota Motor announced a data breach, saying that the personal information of some of its customers may have been exposed.

Two Actively Exploited 0-Day vulnerabilities can be used to hack iPhones and iPads
https://www.securitynewspaper.com/2023/04/07/two-actively-exploited-0-day-vulnerabilities-can-be-used-to-hack-iphones-and-ipads/
Fri, 07 Apr 2023 21:11:45 +0000

Apple users have been dealt a blow, in a world where digital security is of the utmost importance, by the recent disclosure of two zero-day vulnerabilities affecting a range of devices. Researchers Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab found the vulnerabilities, which have been assigned the identifiers CVE-2023-28205 and CVE-2023-28206. Both have been actively exploited, which raises the stakes for users and puts Apple on high alert.

CVE-2023-28205: WebKit Use-After-Free Vulnerability

The first vulnerability is a use-after-free discovered in WebKit. It can be exploited by luring targets into loading malicious web pages under the attackers’ control, which may result in malware executing on the compromised device. In plain terms, visiting a compromised website is all it takes for hackers to take control of your device.

Processing maliciously crafted web content can lead to arbitrary code execution, which grants attackers unauthorized access to the device. Apple addressed this use-after-free with improved memory management.

CVE-2023-28206: IOSurfaceAccelerator Out-of-Bounds Write Vulnerability

The second flaw, CVE-2023-28206, is an out-of-bounds write in IOSurfaceAccelerator. An application may exploit it to execute arbitrary code with kernel privileges, giving attackers the highest possible level of access to the target device.

An application that exploits this vulnerability may be able to execute arbitrary code with kernel privileges, effectively giving attackers control of the device. Apple remedied the out-of-bounds write with improved input validation.

Apple has said in its security advisories that it is aware of a report that this vulnerability may have been actively exploited.

In February the company issued critical security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2023-23529, affecting iOS, iPadOS, and macOS. That flaw, a type confusion issue in WebKit, was fixed with improved checks.

By manipulating victims into accessing maliciously designed online content, an attacker may accomplish arbitrary code execution and take control of the victim’s system.

Apple has moved quickly to remedy these zero-day vulnerabilities after discovering them. The latest versions of iOS (16.4.1), iPadOS (16.4.1), macOS Yosemite (13.3.1), and Safari (16.4.1) provide enhancements to input validation and memory management. Consumers may secure their devices by upgrading to one of these operating systems.

Apple has confirmed that a very large number of products are affected, including the following:

  • iPhone 8 and later models
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Vista

Users are strongly encouraged to update their devices promptly to guard against exploitation. A proactive approach to cybersecurity, keeping every device current with the latest software patches and updates, is essential.

Critical Samba vulnerabilities easily allow hacking of servers
https://www.securitynewspaper.com/2023/03/30/critical-samba-vulnerabilities-easily-allow-hacking-of-servers/
Fri, 31 Mar 2023 00:19:42 +0000

Samba is a free software project for UNIX-like operating systems that implements the Windows file sharing protocol, originally known as SMB and later renamed CIFS. It lets computers running GNU/Linux, Mac OS X, or Unix in general act as servers for, or clients of, Windows-based networks, so these machines can perform either role.

Several security flaws have recently been found in Samba, any of which could let an attacker obtain access to sensitive data. This poses a substantial risk to system security.

CVE-2023-0614 (CVSSv3 score of 7.7): Access-controlled AD LDAP attributes can be found

CVE-2023-0614 enables attackers to read, and potentially obtain, private information such as BitLocker recovery keys from a Samba AD DC. Because the fix for the earlier vulnerability CVE-2018-10919 was incomplete, organisations that store such secrets in their Samba AD should assume they have been compromised and rotate them.

Impact: The exposure of secret information has the potential to result in unauthorized access to sensitive resources, which presents a severe threat to the organization’s security.

All Samba releases since the 4.0 version are impacted by this issue.

Workaround: The proposed mitigation is to avoid storing sensitive information in Active Directory, other than the passwords and keys that are essential for AD itself to function. Those are on the hard-coded secret attribute list and are therefore not exposed by this vulnerability.

CVE-2023-0922 (CVSSv3 score of 5.9): 

This vulnerability, identified as CVE-2023-0922, affects the Samba AD DC administrative tool samba-tool. By default, this tool transmits credentials in plaintext whenever it performs operations against a remote LDAP server. The issue is exposed when samba-tool is used to reset a user’s password or add a new user, and it could in principle allow an attacker who can observe the network traffic to intercept the freshly set passwords.

Transmitting passwords in plaintext opens the door to unauthorized access to critical information and puts the security of the whole network at risk.

All versions of Samba released after 4.0 are affected.

Workaround: To reduce the risk of exploitation, change the smb.conf file to include the line “client ldap sasl wrapping = seal”, or add the --option=clientldapsaslwrapping=sign option to each samba-tool or ldbmodify invocation that sets a password.

As with vulnerabilities in other software, those in Samba may put an organization’s security at severe risk. Samba administrators are strongly encouraged to update to the fixed releases or to install the patch as soon as reasonably practical.

WooCommerce’s serious vulnerability allows unauthorized WordPress website takeover
https://www.securitynewspaper.com/2023/03/24/woocommerces-serious-vulnerability-allows-unauthorized-wordpress-website-takeover/
Fri, 24 Mar 2023 22:45:07 +0000

A serious flaw has been found in WooCommerce, a popular plug-in for managing online stores built on the WordPress platform. The flaw could enable cybercriminals to take control of websites. The WooCommerce team has released fixes, but attackers may be able to reverse-engineer the patch; technical details of the vulnerability have not yet been disclosed. There are presently approximately 500,000 active installations of the WooCommerce Payments plug-in, the component that contains the vulnerability. The creators of WooCommerce have stated that managed WordPress hosting providers such as WordPress.com, Pressable, and WPVIP have automatically updated the websites hosted on their platforms. Administrators of other websites that do not have automatic updates enabled should immediately apply the update for their specific version.

Any versions of WooCommerce Payments that were created after 4.8.0, which was published at the end of September, are susceptible to the vulnerability. The following updated versions were made available by Automattic: 4.8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2 and 5.6.2.

Once a patched version of WooCommerce has been installed, administrators of websites using WooCommerce should check their sites for any unexpected admin users or posts. The creators of WooCommerce recommend that, if suspicious activity is discovered on a website, the passwords of all administrative users on the site be changed, along with any API credentials for WooCommerce and payment gateways.

According to the creators of WooCommerce, “WordPress user passwords are hashed using salts, which means the final hash value is incredibly tough to decipher.” “This solution uses a salted hash to safeguard not just your password as an administrative user but also the credentials of all other users on your website, including customers. While it is conceivable that an attacker took advantage of this vulnerability to acquire a hashed version of your password that was saved in your database, the hash value itself should be impossible to decipher so that your passwords remain secure and cannot be used in an unauthorized manner.” Nevertheless, it is important to note that this only applies to the hashes of passwords that are saved using the default authentication method that comes with WordPress. It’s possible that some other plug-ins will make use of the database to store credentials, tokens, and API keys without hashing them first. Administrators need to examine what potentially sensitive information is stored in their databases and rotate all of that information.

WooCommerce has said that it does not believe this vulnerability was used to compromise shop or customer data. Nonetheless, merchants may wish to watch how this event evolves, since it might affect their business. The issue was reported confidentially through the bug bounty program that Automattic maintains on HackerOne. Although the technical details have not yet been made public, the disclosure policy states that this should happen within the next two weeks. Researchers from Sucuri have already noted that the vulnerability was probably in a file named class-platform-checkout-session.php, which appears to have been removed entirely from the patched version. Since capable attackers therefore already know where to look, it is plausible that they could identify the weakness and work out how to exploit it on their own.

Apache Tomcat vulnerability leaks application session cookie to attackers
https://www.securitynewspaper.com/2023/03/22/apache-tomcat-vulnerability-leaks-application-session-cookie-to-attackers/
Wed, 22 Mar 2023 20:53:53 +0000

Apache Tomcat is one of the most popular and widely used web servers for Java. It is small, simple to install, and very convenient for building Java web applications. It can also host applications somewhat more sophisticated than the conventional JSP web application, since it can run JSF implementations such as MyFaces, PrimeFaces, RichFaces and others (JSF being the standard library, defined in J2EE, for developing dynamic web applications in Java).

All of this is very useful, and in fact many web application developers run Tomcat on their own computers so they can develop quickly and focus on what really interests them: making sure the logic of their Java pages and classes works as it should. It really is that straightforward, and a software developer typically gives little thought to the security of the Tomcat server installed on the computer the employer provided; the idea of security rarely enters the picture at all. Apache Tomcat provides a “pure Java” HTTP web server environment that incorporates the Jakarta Servlet, Jakarta Expression Language and WebSocket technologies, which allow Java code to be executed in that environment. This makes it a frequent choice among developers who want to build web applications in Java.

Apache Tomcat (application server software) up to and including versions 8.5.85, 9.0.71, 10.1.5 and 11.0.0-M2 has been found to contain a vulnerability rated as problematic. The bug affects an unspecified function of the RemoteIpFilter component; manipulation with an unknown input leads to insecure transmission of credentials. The user name and password are not adequately protected when sent from the client to the server via login pages that do not use suitable security measures.

Session cookies generated by Apache Tomcat versions 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the Secure attribute when they were issued in response to requests received from a reverse proxy over HTTP with the X-Forwarded-Proto header set to https. As a result, the user agent could send the session cookie over an unencrypted connection, which is the danger here.
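
As an added example (not code from the advisory or from Tomcat itself), the following Python check takes the headers of a request as forwarded by a reverse proxy, together with the Set-Cookie headers the backend returned, and reports session cookies that lack the Secure attribute even though X-Forwarded-Proto says the client connected over HTTPS, which is exactly the symptom described above. The header names and cookie values are constructed for the demonstration.

```python
"""Detection check for the CVE-2023-28708 symptom: a Tomcat session cookie
issued without the Secure attribute although the original client request
was HTTPS, terminated at a reverse proxy that forwards X-Forwarded-Proto."""
from typing import Dict, List, Tuple

# Constructed sample exchange (not from the advisory): the proxy speaks plain
# HTTP to Tomcat but reports the client's real scheme in X-Forwarded-Proto.
PROXIED_REQUEST_HEADERS = {
    "Host": "shop.example.test",
    "X-Forwarded-Proto": "https",
    "X-Forwarded-For": "203.0.113.10",
}
UNPATCHED_SET_COOKIE = ["JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly"]
PATCHED_SET_COOKIE = ["JSESSIONID=0123456789ABCDEF; Path=/; Secure; HttpOnly"]


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, {attribute: value}).
    Flag attributes such as Secure and HttpOnly map to an empty string."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name.strip(), attrs


def effective_scheme(request_headers: Dict[str, str], transport: str) -> str:
    """Scheme the user agent actually used. A proxy that terminated TLS
    signals it via X-Forwarded-Proto (the header RemoteIpFilter evaluates);
    without that header the backend transport is the truth."""
    lowered = {k.lower(): v for k, v in request_headers.items()}
    forwarded = lowered.get("x-forwarded-proto")
    if forwarded:
        # A proxy chain may append values; the first is the client-facing hop.
        return forwarded.split(",")[0].strip().lower()
    return transport.lower()


def session_cookies_missing_secure(request_headers: Dict[str, str], transport: str,
                                   set_cookie_headers: List[str],
                                   session_cookie: str = "JSESSIONID") -> List[str]:
    """Names of session cookies lacking Secure although the client used HTTPS."""
    if effective_scheme(request_headers, transport) != "https":
        return []  # plain-HTTP client: a Secure cookie would not be returned anyway
    return [
        name for name, attrs in map(parse_set_cookie, set_cookie_headers)
        if name == session_cookie and "secure" not in attrs
    ]


if __name__ == "__main__":
    for label, cookies in (("unpatched", UNPATCHED_SET_COOKIE),
                           ("patched", PATCHED_SET_COOKIE)):
        bad = session_cookies_missing_secure(PROXIED_REQUEST_HEADERS, "http", cookies)
        print(f"{label}: {'FAIL ' + ', '.join(bad) if bad else 'OK'}")
```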

The vulnerability was disclosed on March 22nd, 2023, and the advisory was published at lists.apache.org. The vulnerability was assigned the identifier CVE-2023-28708 on March 21st, 2023. Neither a technical description nor an exploit is publicly available. The MITRE ATT&CK project classifies the attack technique as T1557.

This vulnerability is remedied by upgrading to version 8.5.86, 9.0.72, 10.1.6 or 11.0.0-M3, depending on the branch in use.

How Cryptocurrency ATM manufacturer was hacked and millions of funds were stolen?
https://www.securitynewspaper.com/2023/03/21/how-cryptocurrency-atm-manufacturer-was-hacked-and-millions-of-funds-were-stolen/
Tue, 21 Mar 2023 18:58:58 +0000

General Bytes, a leading producer of cryptocurrency automated teller machines (ATMs), was the victim of a security breach that resulted in the loss of more than $1.5 million in Bitcoin. General Bytes originally reported the incident on its official Twitter account. According to the company, the attackers exploited a vulnerability in the master service interface used by Bitcoin ATMs to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges.

According to the firm, “the attacker searched the Digital Ocean cloud hosting IP address space and discovered operating CAS services on port 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean.”

Through this code execution, the attackers gained access to the database and to the API keys used to access funds in hot wallets and exchanges. Specifically, the attacker used the master service interface to remotely upload a Java program, obtaining batm user privileges, the database, and the API keys required to access funds in hot wallets and exchanges.

As a consequence, the hacker gained access to user accounts and password hashes, disabled two-factor authentication, and sent funds out of hot wallets.

The hacker succeeded in stealing 56.28 bitcoin, worth around $1.5 million, and also liquidated other cryptocurrencies including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The stolen bitcoin has not been moved from the receiving address since March 18, while some of the other digital currencies have been transferred to other destinations, including a decentralized trading platform.

Additionally, the attackers gained the “ability to access terminal event logs and search for each occurrence when users scanned a private key at the ATM,” information that previous versions of the ATM software recorded.

“On March 18, we advise all of our clients to take quick steps to safeguard their finances and personal information,” General Bytes tweeted.

The firm has disclosed the wallet addresses and three IP addresses used by the attacker in the breach. According to some sources, however, the company’s full node remains secure enough to prevent unauthorized access to funds.

The business released information on the actions clients should take to safeguard their GB ATM servers (CAS) in a security advisory documenting the event, emphasizing that even those who were not affected by the incident should adopt the suggested security measures.

“Please keep your CAS protected by a firewall and a VPN. Terminals should also use VPN to connect to CAS. With a VPN/Firewall, attackers from the open internet are unable to access and exploit your server. If your server was compromised, please reinstall the whole server, including the operating system,” the business advises.

The crypto ATM manufacturer issued a CAS security patch and advised customers to treat all user passwords and API keys for exchanges and hot wallets as compromised and to replace them.

“We don’t have the final statistics yet,” General Bytes said. “We’re currently gathering information from operators. We are still dealing with damage of roughly 56 BTC as of today.”

Zero-day vulnerabilities in Exynos chipset allow hacking Samsung, Vivo and Pixel phones
https://www.securitynewspaper.com/2023/03/16/zero-day-vulnerabilities-in-exynos-chipset-allow-hacking-samsung-vivo-and-pixel-phones/
Thu, 16 Mar 2023 23:04:38 +0000

Project Zero has revealed eighteen 0-day vulnerabilities in Exynos modems manufactured by Samsung Semiconductor. The four most serious of the eighteen flaws (CVE-2023-24033 and three further vulnerabilities not yet assigned CVE-IDs) allow Internet-to-baseband remote code execution. Tests carried out by Project Zero showed that these four vulnerabilities let an attacker remotely compromise a phone at the baseband level with no user interaction; all that is required is that the attacker know the victim’s phone number. Project Zero expects that skilled adversaries, with only modest additional research and development, would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

The fourteen other related vulnerabilities (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076, and nine additional vulnerabilities not yet assigned CVE-IDs) are less serious, since they require either a malicious mobile network operator or an attacker with local access to the device.

The list of Exynos chipsets that are susceptible to these vulnerabilities may be found in the advisory published by Samsung Semiconductor. On the basis of information obtained from public sources that provide a mapping of chipsets to devices, the following devices are likely to be affected:

Devices from Samsung’s S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series;

Devices from Vivo’s S16, S15, S6, X70, X60, and X30 series;

Devices from Google’s Pixel 6 and Pixel 7 series;

Any wearables that use the Exynos W920 chipset and vehicles that use the Exynos Auto T5123 chipset.

Patch timelines for these vulnerabilities will differ by manufacturer. In the meantime, users with vulnerable devices can protect themselves from the baseband remote code execution vulnerabilities by turning off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings.

Because of the unusual combination of the level of access these vulnerabilities provide and the speed with which the Google Security Team believes a reliable operational exploit could be crafted, the team has made an exception to its standard disclosure policy and delayed disclosure of the four most severe vulnerabilities.

In keeping with its practice of transparency, however, the team publicly lists disclosure policy exceptions and will add these issues to that list once all of them have been identified. Five of the remaining fourteen vulnerabilities (CVE-2023-24072, CVE-2023-24073, CVE-2023-24074, CVE-2023-24075, and CVE-2023-24076) have exceeded Project Zero’s standard 90-day deadline and have been publicly disclosed in its issue tracker. The other nine vulnerabilities will be publicly disclosed once they reach that deadline if they are still unfixed.

The Google Security Team strongly urges end users to update their devices as soon as practicable to ensure they are running the latest releases, which fix both the publicly disclosed security flaws and those not yet made public. Staying vigilant and adopting appropriate safety measures is essential to protect personal information and electronic devices from potential security risks.
