Samsung's Exynos Processors Vulnerable to Privilege Escalation Due to Use-After-Free Bug

Summary

A zero-day vulnerability in Samsung's mobile processors, tracked as CVE-2024-44068, has been exploited in the wild to execute an arbitrary code. This vulnerability, with a CVSS score of 8.1, allows privilege escalation on vulnerable Android devices by leveraging a use-after-free bug in the m2m scaler driver. The bug is part of an exploit chain, and the in-the-wild exploit has been observed by Google's Threat Analysis Group, posing a significant risk to affected devices. The exploitation has been observed in a privileged cameraserver process through a Kernel Space Mirroring Attack, bypassing Android kernel isolation protections. Samsung has released a patch as part of its October 2024 security updates.

News Articles

Forbes

CVE-2024-44068CVE-2024-43047

Samsung’s Impossible Deadline—You Have 24 Hours To Update Your Phone

Samsung Galaxy owners have a serious new problem—here’s what you need to do.

4 weeks ago

eSecurity Planet

CVE-2024-44068CVE-2024-38094

Vulnerability Recap 10/28/24: Cisco, Fortinet, VMware

This week’s security vulnerabilities include a couple of Cisco flaws and a Fortinet issue that took a while to be announced.

4 weeks ago

The Register

CVE-2024-44068

Samsung phone users exposed to EoP attacks, Google warns

A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security...

1 month ago

More News...