Samsung’s October security update for Galaxy devices patches dozens of vulnerabilities of varying severity. These include a high-severity flaw in several Exynos processors such as the Galaxy S20’s Exynos 990 and Galaxy Watch 5’s Exynos W920. Google has revealed that threat actors are exploiting this bug, potentially compromising the security of affected Galaxy users who haven’t yet installed the latest security update.
Several Samsung Exynos processors are affected by a security flaw
Tracked as CVE-2024-44068, this high-severity security flaw affects Samsung’s Exynos 9820, 9825, 980, 990, 850, and W920 processors. Along with the Galaxy S20 and Watch 5, these chips power the Galaxy S10, Note 10, Galaxy A51, Galaxy A71, and Galaxy Watch 4 models. Some of these processors are also found inside non-Samsung products, including Vivo phones. The latest security update has already patched the vulnerability.
However, Google’s Threat Analysis Group (TAG) says the issue is being actively exploited in the wild. Since Samsung has yet to update some of the affected devices to the October 2024 security patch, this is a matter of concern for those users. Attackers are using the flaw as part of a larger chain that makes use of other bugs to compromise vulnerable Galaxy devices and possibly drop malware to launch more devastating attacks.
“This 0-day exploit is part of an EoP chain,” Google TAG explained in a newly published security advisory. “The actor is able to execute arbitrary code in a privileged ‘camera server’ process. The exploit also renamed the process name itself to ‘vendor.samsung.hardware.camera.provider@3.0-service’, probably for anti-forensic purposes.” The security researchers didn’t disclose other vulnerabilities used in this EoP chain.
As said earlier, Samsung has already released a patch for this Exynos vulnerability. The October 2024 SMR (Security Maintenance Release) rolled out earlier this month addresses the flaw. Galaxy users should install the update as early as possible to avoid potential security attacks. You can check for updates from the Settings app (Software update > Download and install). Keep your phone updated for enhanced privacy and security.
