The Exynos chipsets made by Samsung, which are used in mobile devices, wearable technology, and automobiles, have 18 zero-day vulnerabilities that Project Zero, Google's bug-hunting team, has identified and disclosed.Between late 2022 and early 2023, security issues with Exynos modems were discovered. The four most critical zero-day vulnerabilities, which allow remote code execution from the Internet to the baseband, were among the eighteen zero-day vulnerabilities. Several Internet-to-baseband remote code execution (RCE) flaws, such as CVE-2023-24033 and three others that are awaiting a CVE-ID, give attackers the ability to remotely compromise affected devices without the involvement of the user. "The baseband software does not properly check the format types of accept-type attribute specified by the SDP, which can lead to a denial of service or code execution in Samsung Baseband Modem," Samsung says in a security advisory describing the CVE-2023-24033 vulnerability.
Read the full article here.
