March 17, 2023 04:40 am GMT
Due to the severity of the main four critical vulnerabilities Project Zero has delayed full disclosure on how the exploit works stating:
Original Link: https://www.techpowerup.com/306049/googles-project-zero-discovers-18-zero-day-vulnerabilities-in-exynos-chipsets
Google's Project Zero Discovers 18 Zero-Day Vulnerabilities in Exynos Chipsets
Google's internal team Project Zero, dedicated to the discovery and patching of zero-day vulnerabilities in mobile hardware, software, web browsers and open source libraries disclosed a series of vulnerabilities in Samsung's Exynos chipsets featured across a wide range of mobile devices. Four of these critical vulnerabilities allow for internet-to-baseband remote code execution, and testing conducted by Project Zero confirmed that an attacker can compromise a phone at the baseband level with only the victim's phone number. They believe that with sufficient skill an attacker could exploit these vulnerabilities completely silently and remotely. The fourteen other vulnerabilities are related but considered to not be as critical as they require a more extensive setup including a malicious mobile network operator or local access to the targeted device.Due to the severity of the main four critical vulnerabilities Project Zero has delayed full disclosure on how the exploit works stating:
Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.
Original Link: https://www.techpowerup.com/306049/googles-project-zero-discovers-18-zero-day-vulnerabilities-in-exynos-chipsets
Share this article:
Tweet
View Full Article