Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution.
The other 14 vulnerabilities were not as severe.
“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” said Tim Willis from Project Zero.
The Vulnerable Products
The following products seem to be vulnerable:
- Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
- The Pixel 6 and Pixel 7 series of devices from Google; and
- any vehicles that use the Exynos Auto T5123 chipset.
How to Protect Your Device?
Patches were described as depending on the manufacturer, so in the meantime users with affected devices can protect themselves from the baseband remote code execution vulnerabilities mentioned in this post by turning off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings.