Samsung devices affected by security vulnerability, says CISA
The American Cybersecurity and Infrastructure Agency (CISA) has added a known security vulnerability (CVE-2023-21492) affecting Samsung devices to its list of exploited vulnerabilities. The flaw relates to Samsung mobile devices running the Android 11, 12 and 13 operating systems. It allows a privileged local attacker to bypass the accidental distribution of the address space (ASLR) defence by introducing sensitive information into the magazine file.
The vulnerability was identified on January 17, 2023, and Samsung addressed it by removing the core indicators from the magazine file. However, it is reported that the exploit had already been used against Samsung devices. The company has not provided details about these attacks, but it is thought that they were used in conjunction with other vulnerabilities.
In its latest report, CISA also highlighted two other issues:
- CVE-2004-1464: A vulnerability affecting Cisco IOS that leads to a refusal of maintenance. This vulnerability can block further access to the Cisco device through protocols such as Telnet, Reverse Telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, HTTP.
- CVE-2016-6415: A vulnerability affecting Cisco IOS, iOS XR and iOS XE that is related to the disclosure of information using IKEV1. Successful operation can allow the attacker to gain access to the contents of the device’s memory, potentially leading to the disclosure of sensitive information.
On March 23, 2023, Samsung issued security updates for the Galaxy S21 and Note20. The updates address several critical and high-risk vulnerabilities of the Android and Samsung One UI, including CVE-2023-21345, which allows a remote attacker to execute arbitrary code on the target device through a specially created image file.
In mid-February, researchers from Google Project Zero identified a severe vulnerability (CVE-2023-21234) in the NFC modules of Samsung Galaxy S9 and S10. This vulnerability allows attackers to compromise a victim’s device through a non-contact connection to the NFC. An infected device can be brought close to the victim’s phone, or an infected NFC-Tag can be placed near it.
Finally, in early February, Samsung introduced a new service called K