Google warns users of Samsung Exynos zero-day vulnerabilities

To prevent threat actors' from exploiting the unpatched attack vectors, Google Project Zero made an exception for four Exynos chipset flaws by extending its disclosure timeline.

• Share this item with your network:

• Arielle Waldman, News Writer

After discovering 18 Samsung Exynos Modem vulnerabilities, Google Project Zero veered from its standard disclosure policy for four of the zero-day flaws because public disclosure may have put users at significant risk.

In a blog post Thursday, Tim Willis, senior security engineering manager and head of Google Project Zero, described – but did not detail -- the 18 vulnerabilities that likely affect certain Samsung and Vivo mobile devices, the Pixel 6 and 7 series of devices from Google, and any vehicles that use the Exynos auto T5123 chipset. While there has been no active exploitation yet, Willis warned that four of the 18 flaws allowed for internet-to-baseband remote code execution (RCE).

Attacks exploiting those four flaws ...