Samsung Zero-Day Vuln Under Active Exploit, Google Warns
If it's exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.
A zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in Samsung's mobile processors and is being used in an exploit chain for arbitrary code execution.
The vulnerability was given a critical CVSS score of 8.1 out of 10 and was patched in Samsung's October set of security fixes.
A National Institute of Standards and Technology (NIST) advisory on the bug describes it as "an issue [that] was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920." A use-after-free bug in the mobile processor ultimately leads to privilege escalation, the agency added.
Google researcher Xingyu Jin was credited with reporting the flaw earlier this year, and Google TAG researcher Clement Lecigne warned that an exploit exists in the wild.
"This zero-day exploit is part of an EoP chain," Jin and Lecigne noted. "The actor is able to execute arbitrary code in a privileged camera server process. The exploit also renamed the process name itself to '[email protected]', probably for anti-forensic purposes."
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024