Endpoint Security , Patch Management

Samsung Patches Memory Address Randomization Bypass Flaw

Flaw Was Exploited in Chain of Zero-Days Used to Implant Commercial Spyware
Samsung Patches Memory Address Randomization Bypass Flaw
Samsung headquarters in Suwon, a city in South Korea, in a 2017 photo (Image: Shutterstock)

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE.

The exploit chain took advantage of multiple zero-days, some of which Samsung, Google and chipmaker ARM have already fixed. Samsung this month is patching one of the remaining kernel information leak bugs used in the exploit chain. In an advisory, the company CVE-2023-21492. In an advisory, it said it is aware that "an exploit for this issue had existed in the wild."

The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch affected Samsung-made Android devices and added the flaw to its Known Exploited Vulnerabilities Catalog.

The flaw allowed attackers to overcome Android's address space layout randomization security feature that randomizes the location of system executables in memory. The randomization is a bid to stop buffer overflow attacks from being successful.

The flaw exploited by hackers was that Samsung printed kernel pointers in the log file. It is present in unpatched versions of Samsung Android 11, 12 and 13 devices.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.