US CISA recently issued an alert, warning Samsung users about an ASLR bypass flaw being under attack. The attackers are reportedly exploiting this vulnerability to deploy spyware on target devices. Since Samsung has patched the flaw, users only need to ensure updating their devices with the latest system updates to receive the fix.
Samsung ASLR Bypass Vulnerability Under Active Attack
The tech giant Samsung patched a severe kernel vulnerability affecting its smartphones and related devices.
Identified as CVE-2023-21492, Samsung has described the flaw as a kernel pointers exposure in log file without sharing many details in its advisory.
Yet, while confirming a patch release with May 2023 updates, Samsung mentioned the issue as an ASLR bypass flaw that allowed local privileged attackers to access sensitive data. The tech giant also admitted having detected active exploitation of the flaw.
Nonetheless, it still marked the vulnerability as a moderate severity issue that affected the devices with Android versions 11, 12, and 13.
The US CISA has warned users of this vulnerability while listing it in its Known Exploited Vulnerabilities Catalog.
Although, neither Samsung nor CISA elaborated on the vulnerability, probably, given its exploitation in the wild. However, numerous entities have already detected and disclosed the abuse of this vulnerability in recent spyware campaigns.
For instance, Google’s Threat Analysis Group reported in March 2023 about numerous vulnerabilities actively exploited by the threat actors to deploy mercenary ransomware. From the several zero-days and n-days, Google TAG researchers also found the ASLR bypass under attack during these campaigns. The report also stated about informing the matter to Samsung officials.
Likewise, Amnesty International also published a detailed post about mercenary spyware campaigns actively targeting Android and iOS devices. Those campaigns also involved the exploitation of ASLR bypass for Samsung devices.
Given the patch has already been released, users need not worry about possible exploitation. But for that, they must promptly update their devices with the latest releases.
Let us know your thoughts in the comments.