Dangerous security hole in Samsung phones: millions of devices at risk of hacking
CISA urges users to update vulnerable devices urgently.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-21492, a vulnerability affecting Samsung devices, to its Known Exploited Vulnerabilities catalog.
The problem concerns Samsung mobile devices running Android 11, 12 and 13. Sensitive information is written to a log file, which allows a privileged local attacker to bypass ASLR (address space layout randomization) protection.
The vulnerability was discovered on January 17, 2023, and Samsung fixed it by removing the kernel pointers from the log file.
“Kernel pointers are output in the log file prior to SMR May-2023 Release 1, allowing a privileged local attacker to bypass ASLR,” Samsung said in a statement. “Samsung has been notified that the exploit existed in the wild.”
The company did not provide details about attacks exploiting this vulnerability, but it is likely that it was used with other vulnerabilities to compromise Samsung devices.
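An added example, not from the original article or from Samsung: a log audit that flags and redacts values that look like raw kernel pointers, the class of leak the fix removed. The address-range heuristic, the `sample_drv` log lines and all function names are assumptions made for illustration.

```python
import re

# Heuristic (assumption): on 64-bit Linux/Android kernels, kernel virtual
# addresses lie in the upper half of the address space, so the top 16 bits
# of a raw pointer are 0xffff.
KERNEL_TOP_BITS = 0xFFFF
# 16 hex digits, optional 0x prefix, not embedded in a longer hex run.
HEX64 = re.compile(r"(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{16})(?![0-9a-fA-F])")

def is_kernel_pointer(value: int) -> bool:
    if value == 0xFFFFFFFFFFFFFFFF:  # -1 / error sentinel, not an address
        return False
    return (value >> 48) == KERNEL_TOP_BITS

def find_leaks(lines):
    """Return (line_number, token) for every raw kernel-pointer candidate."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for m in HEX64.finditer(line):
            if is_kernel_pointer(int(m.group(1), 16)):
                hits.append((n, m.group(0)))
    return hits

def redact(line: str) -> str:
    """Replace kernel-pointer candidates with a fixed marker."""
    def repl(m):
        return "<kptr>" if is_kernel_pointer(int(m.group(1), 16)) else m.group(0)
    return HEX64.sub(repl, line)

# Constructed sample log lines (not taken from any real device).
SAMPLE_LOG = [
    "[  12.345678] sample_drv: probe ok, ctx=ffffff80123abc00 irq=41",
    "[  12.345901] sample_drv: buf at 0xffffffc0deadb000 len=4096",
    "[  12.346100] sample_drv: ctx=00000000a1b2c3d4 (hashed %p output)",
    "[  12.346250] sample_drv: ret=0xffffffffffffffff",
    "[  12.346400] sample_drv: user va 0x0000007fa4c01000 mapped",
]

if __name__ == "__main__":
    for n, tok in find_leaks(SAMPLE_LOG):
        print(f"line {n}: raw kernel pointer candidate {tok}")
    for line in SAMPLE_LOG:
        print(redact(line))
```
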
CISA also listed the following issues in its latest report:
- CVE-2004-1464 – Cisco IOS Denial of Service Vulnerability. Cisco IOS contains an unspecified vulnerability that could block further access to a Cisco device via telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases HTTP.
- CVE-2016-6415 – IKEv1 information disclosure vulnerability in Cisco IOS, IOS XR, and IOS XE. Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the portion of code that handles Internet Key Exchange version 1 (IKEv1) secure connection requests. Successful exploitation may allow an attacker to obtain the contents of the memory, which may lead to information disclosure.
On March 23, 2023, Samsung released a security update for the Galaxy S21 and Note20. The update fixes several critical and high-risk vulnerabilities in Android and Samsung One UI. Among them is CVE-2023-21345, which allows a remote attacker to execute arbitrary code on a target device through a specially crafted image file.
In mid-February, researchers from Google Project Zero discovered a serious vulnerability in the NFC module of the Samsung Galaxy S9 and S10. Vulnerability CVE-2023-21234 allows an attacker to compromise a victim’s device through a contactless NFC connection. To do this, it is enough to bring the infected device to the victim’s phone or place an infected NFC tag under it.
Earlier, in early February, Samsung introduced a new Knox Vault service to protect user data on its smartphones. Knox Vault is a hardware-software security module (HSM) that encrypts data at the hardware level and prevents it from being revealed even when an attacker has physical access to the device. Knox Vault will be available on the new Galaxy S21 Ultra and Galaxy Z Fold3 models.
Source: www.securitylab.ru