.png "blank Coverage")
Google's security research unit, Project Zero, has discovered and reported 18 zero-day vulnerabilities in Exynos modems manufactured by Samsung, with four of them rated as top-severity flaws. These vulnerabilities, found in Samsung chips used in various Android models, wearables, and vehicles, could potentially compromise affected devices remotely and silently over the cellular network.
If exploited, an attacker could gain nearly unrestricted access to data flowing in and out of the compromised device, including calls, text messages, and cell data, without the user's knowledge.
This disclosure is notable because Google has issued a public warning about high-severity vulnerabilities before they are patched, emphasizing the risk to the public. Despite Google's notification, Samsung has not yet patched the vulnerabilities, which puts numerous Android devices at risk. Affected devices include a range of Samsung models,
Vivo devices, and Google's own Pixel 6 and Pixel 7 handsets, along with wearables and vehicles using Exynos chips for cellular connectivity. Google advises users to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in device settings as a temporary measure to reduce the risk until manufacturers release patches.
Affected mobile devices also include;
Samsung’s S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series phones.
Google’s Pixel 6 and Pixel 7 series phones; and any vehicles that use the Exynos Auto T5123 chipset
Other devices include Chinese brand Vivo's S16, S15, S6, X70, X60 and X30 series phones