These Samsung phone flaws have been exploited by spyware

Lewis Maddison

July 3, 2023 at 1:30 PM·2 min read

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that flaws in several Samsung mobile devices have likely already been exploited to by a spyware vendor.

The agency recently added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, six of which pertain to Samsung Mobile devices, with evidence that they already been exploited in the wild.

Despite all these flaws having been patched by Samsung in 2021, there was no word from the Korean firm on the new revelations from CISA that they have been exploited.

Google joins the fight

The vulnerabilities include CVE-2021-25487, which can be exploited to execute arbitrary code, and was fixed by Samsung in October 2021, as well as CVE-2021-25371, which allows attackers to load arbitrary ELF files inside the DSP driver, and was patched in March 2021.

Both were classified as moderate severity by the electronics giant, although the NVD did classify the former as high based on its CVSS score.

> These fake Android antivirus apps install a dangerous banking trojan

> These security flaws could let hackers install anything they wanted in the Samsung Galaxy App Store

> The Samsung Galaxy S23 is getting a serious security upgrade that makes it even more appealing

Another vulnerability, tracked as CVE-2023-21492, was also brought to the public's attention by Samsung and CISA, which can allow a privileged local attacker to bypass the ASLR exploit mitigation technique. This was also patched by Samsung in May this year.

However, researchers at Google, who discovered it, claim that it had been known since 2021. In November 2022, Google also found more evidence of exploitation by spyware vendors of vulnerabilities in Samsung mobile devices known since 2021.

It seems that CISA and Google have been tracking the same spyware vendors, and emphasizes the importance of patching software as soon as possible to avoid succumbing to malicious attacks and malware.

It isn't just Samsung devices that have been targets for threat actors recently, but rather Android devices on the whole. For instance, fake and dangerous apps on the Google Play Store appear to be getting increasingly popular, claiming more and more victims.

To further protect your smart device, you can use the the best Android antivirus apps, or, if you're really concerned about maintaining your privacy as well as your security, you may want to consider getting one the best secure smartphones.

Here is the best endpoint protection right now

Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
13h ago
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
2d ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
4d ago
Yahoo Sports
Chiefs sign Travis Kelce to new contract that reportedly makes him highest-paid TE in NFL
Travis Kelce has reportedly gotten a raise.
6h ago
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
8h ago
Yahoo Sports
NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams
There haven't been many punters drafted in the fourth round or higher like Tory Taylor just was. Chicago's No. 1 overall pick welcomed him in unique fashion.
2d ago
Yahoo Sports
Ryan Reynolds and Rob McElhenney, after Wrexham success, purchase stake in Liga MX’s Necaxa
Reynolds and McElhenney are the latest celebrities to invest in Necaxa in recent years.
7h ago
Yahoo Sports
The expanded 12-team College Football Playoff is here — and it already has problems
There is cause for excitement around the new playoff format. There's also lots of complaints and criticism to go around.
15h ago
Yahoo Sports
Joel Embiid not happy that Knicks fans took over 76ers home playoff games: It 'pisses me off'
"I don't think that should happen. It's not OK."
1d ago
Autoblog
Rivian put out a feeler to test buyers' willingness to spend on a new R2
Members of the Rivian subreddit posted details of a survey they received, asking how much they'd be willing to spend on different R2 configurations.
14h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

These Samsung phone flaws have been exploited by spyware

Google joins the fight

Recommended Stories

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

Chiefs sign Travis Kelce to new contract that reportedly makes him highest-paid TE in NFL

NFL Draft grades for all 32 teams | Zero Blitz

NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams

Ryan Reynolds and Rob McElhenney, after Wrexham success, purchase stake in Liga MX’s Necaxa

The expanded 12-team College Football Playoff is here — and it already has problems

Joel Embiid not happy that Knicks fans took over 76ers home playoff games: It 'pisses me off'

Rivian put out a feeler to test buyers' willingness to spend on a new R2