The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a medium-severity flaw affecting Samsung devices.
The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13.
The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization (ASLR) protections.

ASLR is a security mechanism designed to thwart memory corruption and code execution attacks by randomizing where an executable and its data are loaded in a device's memory, so that an attacker cannot rely on fixed addresses.
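The following script, an added example that is not part of the original article, shows from a defender's side what ASLR does in practice: it reads the Linux kernel's `randomize_va_space` setting and then launches a fresh interpreter several times to confirm that the same allocation lands at a different address on each run. It assumes a Linux host that exposes `/proc/sys/kernel/randomize_va_space` and a Python interpreter that may spawn child processes; the helper names (`describe_aslr_mode`, `sample_child_addresses`, `aslr_observed`) are this example's own.

```python
"""Check whether ASLR is enabled on a Linux host and observe its effect.

Added example, not part of the original article. Assumes a Linux system
exposing /proc/sys/kernel/randomize_va_space and a Python interpreter
that is allowed to spawn child processes.
"""
import subprocess
import sys
from pathlib import Path

# Meaning of the kernel knob's values, as documented in the kernel's sysctl docs.
ASLR_MODES = {
    0: "disabled: every mapping lands at a fixed address",
    1: "conservative: stack, mmap base, VDSO and shared libraries are randomized",
    2: "full: as 1, plus the heap (brk) base is randomized",
}


def describe_aslr_mode(raw: str) -> str:
    """Translate the raw sysctl text (for example '2\\n') into a description.

    Malformed or unexpected values are reported as unknown rather than guessed.
    """
    value = raw.strip()
    if not value.isdigit():
        return f"unknown value {value!r}"
    return ASLR_MODES.get(int(value), f"unknown value {value!r}")


def read_aslr_mode(path: str = "/proc/sys/kernel/randomize_va_space") -> str:
    """Read the live setting; the file is absent on non-Linux systems."""
    knob = Path(path)
    if not knob.exists():
        return "unavailable: randomize_va_space not present on this system"
    return describe_aslr_mode(knob.read_text())


# One-liner executed in each child: allocate a buffer and print its address.
# In CPython, id() of an object is its memory address.
CHILD_PROGRAM = "print(id(bytearray(64)))"


def sample_child_addresses(runs: int = 5) -> list[int]:
    """Spawn a fresh interpreter several times and collect the address of the
    same allocation in each child. Under ASLR the values differ between runs;
    with randomize_va_space set to 0 they are identical."""
    addresses = []
    for _ in range(runs):
        result = subprocess.run(
            [sys.executable, "-c", CHILD_PROGRAM],
            capture_output=True, text=True, check=True,
        )
        addresses.append(int(result.stdout.strip()))
    return addresses


def aslr_observed(addresses: list[int]) -> bool:
    """True if at least two distinct addresses were seen, i.e. randomization
    is visible across process launches."""
    return len(set(addresses)) > 1


if __name__ == "__main__":
    print("kernel setting:", read_aslr_mode())
    samples = sample_child_addresses()
    print("child addresses:", [hex(a) for a in samples])
    print("randomization observed:", aslr_observed(samples))
```

The kernel setting alone does not prove that a given binary benefits from ASLR: the executable itself must be built position-independent (PIE) for its code segment to be relocated, which is why an information leak such as the one described in the advisory is valuable to an attacker even on a system with `randomize_va_space` at 2.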
Samsung, in an advisory released this month, said it was "notified that an exploit for this issue had existed in the wild," adding that it was privately disclosed to the company on January 17, 2023.
Other details about how the flaw is being exploited are not currently known, but vulnerabilities in Samsung phones have been weaponized by commercial spyware vendors in the past to deploy malicious software.
Back in August 2020, Google Project Zero also demonstrated a remote zero-click MMS attack that leveraged two buffer overwrite flaws in the Quram qmg library (SVE-2020-16747 and SVE-2020-17675) to defeat ASLR and achieve code execution.
In light of active abuse, CISA has added the shortcoming to its Known Exploited Vulnerabilities (KEV) catalog, alongside two Cisco IOS flaws (CVE-2004-1464 and CVE-2016-6415), urging Federal Civilian Executive Branch (FCEB) agencies to apply patches by June 9, 2023.
Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest of which is a 13-year-old bug impacting Linux (CVE-2010-3904) that allows an unprivileged local attacker to escalate their privileges to root.
Some components of this article are sourced from: thehackernews.com