Friday, November 1, 2024
HomeCyber Security NewsCISA Warns that Hackers Actively Exploiting Samsung Vulnerability

CISA Warns that Hackers Actively Exploiting Samsung Vulnerability

Published on

Malware protection

CISA has issued a recent warning regarding a security flaw that impacts Samsung devices, enabling attackers to circumvent Android’s address space layout randomization (ASLR) protection during targeted attacks.

ASLR serves as a crucial security feature in Android, ensuring that the memory addresses where essential app and operating system components are loaded into the device’s memory undergo randomization.

Introducing this mechanism significantly enhances the complexity for potential attackers attempting to exploit memory-related vulnerabilities, thereby heightening the challenge of executing successful attacks such as buffer overflow, return-oriented programming, or other exploits that rely on manipulating memory.

- Advertisement - SIEM as a Service

Samsung mobile devices that are operating on the following versions of Android OS are susceptible to the vulnerability (CVE-2023-21492), which arises from the inadvertent inclusion of sensitive data in log files:-

  • Android 11
  • Android 12
  • Android 13

Local attackers possessing elevated privileges can leverage the disclosed information to carry out an ASLR bypass, consequently facilitating the exploitation of the vulnerabilities in memory management.

Flaw Profile

  • CVE ID: CVE-2023-21492
  • Description: Kernel pointers are printed in the log file before SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
  • Summary: It’s a kernel pointers exposure in a log file
  • Severity: Moderate
  • Base Score: 4.4
  • Reported on: January 17, 2023
  • Disclosure status: Privately disclosed

As part of the latest security updates, Samsung has effectively resolved this matter by implementing measures that prevent kernel pointers from being logged in future occurrences.

According to the May 2023 Security Maintenance Release (SMR) advisory, Samsung has acknowledged being informed about an exploit targeting this particular issue in the wild.

Although Samsung did not disclose specific information regarding the exploitation of CVE-2023-21492, it is important to note that during highly targeted cyberattacks, security vulnerabilities are frequently exploited within the complicated chain of exploits.

These campaigns employed chains of exploits targeting the following platforms’ vulnerabilities to deploy commercially-driven spyware:-

  • Android
  • iOS
  • Chrome

While apart from this, there are two separate attack campaigns were identified and disclosed by the security analysts at Google’s Threat Analysis Group (TAG) and Amnesty International in March.

Immediately patch by June 9

Following CISA’s recent inclusion of the CVE-2023-21492 vulnerability in its list of Known Exploited Vulnerabilities, U.S. Federal Civilian Executive Branch Agencies (FCEB) have been granted a three-week timeframe until June 9 to fortify their Samsung Android devices against potential attacks exploiting this security flaw.

In accordance with BOD 22-01, federal agencies must patch all flaws added to CISA’s KEV list by the deadline of June 9, 2023.

The cybersecurity agency’s list of bugs exploited in attacks is valuable for U.S. federal agencies and private companies. 

Private organizations can significantly reduce their risk of being successfully attacked by prioritizing the remediation of vulnerabilities on this list, along with federal agencies.

Frequent vulnerabilities serve as prime targets for cyber attackers, exposing the federal enterprise to substantial risks.

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...