May 25, 2023
Active embed in device firmware
Today’s report is for Samsung smartphone users, and boy is there a major security alert for you!
There's this nasty vulnerability, CVE-2023-21492, that Samsung and the US Cybersecurity Agency are freaking out about. It's a kernel pointer exposure issue related to log files, and it's letting some sneaky attacker bypass security measures.
The thing is, Samsung only patched this bug in their May 2023 updates, and certain Android 11, 12, and 13 devices are still at risk. CISA's got it on their radar and is telling government agencies to patch it ASAP.
But here's the kicker. Google discovered this flaw, and they suspect some shady commercial spyware vendor might be exploiting it. These guys are trying to hack Samsung smartphones using all kinds of vulnerabilities.
So, if you're a Samsung user, don't wait around. Update your device and stay on top of those security patches. We can't let the bad guys win.