What you need to know
- Samsung has rolled out security patches for several vulnerabilities affecting certain Exynos modems and chips.
- The fix was released as part of the March 2023 security update.
- The security flaws exposed recent Galaxy phones and other Android handsets to internet-to-baseband remote code execution.
Google recently uncovered nasty bugs in Samsung's Exynos modems that could let hackers take over your phone just by knowing your phone number. The South Korean tech giant has now confirmed that these security flaws have been fixed.
A Samsung community moderator has disclosed that the Exynos modem vulnerabilities have been patched as part of the March 2023 security update. The confirmation was made in response to a Samsung user who took to the company's community forum to report the Wi-Fi calling vulnerability (via Android Authority).
"After determining 6 vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for 5 of these in March," the moderator wrote. "Another security patch will be released in April to address the remaining vulnerability."
It's quite interesting that the Samsung community moderator claimed that none of the vulnerabilities were severe. Earlier this month, Google's Project Zero team revealed that out of 18 zero-day vulnerabilities in Samsung's Exynos modems, four were severe. Security researchers claimed that bad actors could exploit the flaws to remotely and silently take control of vulnerable devices.
The affected Exynos modems were found in many of the top Samsung phones, such as the Galaxy S22 series, the Galaxy A53, and older models. Google's recent flagship phones, including the Pixel 6 and Pixel 7 lineups, were affected as well, although the latter received a fix with the March update.
Recent Vivo models in the flagship and mid-range categories were also put at risk, as were wearable devices powered by the Exynos W920 chipset and vehicles that use the Exynos Auto T5123 processor.
If your phone or smartwatch is on the list of affected devices, you should download and install the latest security update, assuming it's live for you. Any remaining security bugs should be patched in April.