Samsung Devices Under Active Exploitation! CISA Warns of Critical Flaw

May 20, 2023Ravie LakshmananMobile Security / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices.

The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13.

The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization (ASLR) protections.

ASLR is a security technique that’s designed to thwart memory corruption and code execution flaws by obscuring the location of an executable in a device’s memory.

Samsung, in an advisory released this month, said it was “notified that an exploit for this issue had existed in the wild,” adding it was privately disclosed to the company on January 17, 2023.

Other details about how the flaw is being exploited are currently not known, but vulnerabilities in Samsung phones have been weaponized by commercial spyware vendors in the past to deploy malicious software.

Back in August 2020, Google Project Zero also demonstrated a remote zero-click MMS attack that leveraged two buffer overwrite flaws in the Quram qmg library (SVE-2020-16747 and SVE-2020-17675) to defeat ASLR and achieve code execution.

In light of active abuse, CISA has added the shortcoming to its Known Exploited Vulnerabilities (KEV) catalog, alongside two Cisco IOS flaws (CVE-2004-1464 and CVE-2016-6415), urging Federal Civilian Executive Branch (FCEB) agencies to apply patches by June 9, 2023.

Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest of which is a 13-year-old bug impacting Linux (CVE-2010-3904) that allows an unprivileged local attacker can escalate their privileges to root.