Some Samsung smartphones were reportedly carrying a high severity vulnerability in their processors, allowing threat actors to escalate privileges and possibly drop malware on the devices.
Cybersecurity researchers from Google’s Threat Analysis Group (TAG) found the flaw and reported it to Samsung, which addressed the vulnerability on October 7, with a patch and a follow-up security advisory.
In the advisory, the flaw was described as an use-after-free vulnerability, tracked as CVE-2024-44068, with a severity score of 8.1 (high-severity), found in Samsung Exynos mobile processors versions 9820, 9825, 980, 990, 850, and W920.
Vulnerability chain
Samsung phones that are powered by these chips include parts of the S10 series, Note 10 and 10+, the S20 series, as well as Samsung Galaxy A51 5G and Samsung Galaxy A71 5G. The Exynos W920 is primarily used in wearable devices like Samsung's Galaxy Watch series.
TAG’s researchers suggested that the vulnerability is being exploited in the wild, as part of a larger chain that makes use of other bugs, as well.
"This 0-day exploit is part of an EoP chain," TAG said in its technical write-up. "The actor is able to execute arbitrary code in a privileged cameraserver process. The exploit also renamed the process name itself to 'vendor.samsung.hardware.camera.provider@3.0-service,' probably for anti-forensic purposes." There was no mention of other vulnerabilities exploited as part of the chain.
Google’s researchers did not discuss the identity of the miscreants abusing this flaw. However, it’s worth mentioning TAG usually tracks nation-states and state-sponsored threat actors, so it is safe to assume that this bug was abused by a similar team, too.
Nation-states usually engage in cyber-espionage and identity theft, so it is possible that whoever abused this flaw, tried to drop an infostealer, or a tracker, onto a Samsung device.
More from TechRadar Pro
- Samsung is offering up to $1 million to anyone who can find security flaws in its software
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now