Flaw Was Exploited in Chain of Zero-Days Used to Implant Commercial Spyware
Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates.
Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE.
The exploit chain took advantage of multiple zero-days, some of which Samsung, Google and chipmaker ARM have already fixed. Samsung this month is patching one of the remaining kernel information leak bugs used in the exploit chain. In an advisory, the company CVE-2023-21492. In an advisory, it said it is aware that “an exploit for this issue had existed in the wild.”
The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch affected Samsung-made Android devices and added the flaw to its Known Exploited Vulnerabilities Catalog.
The flaw allowed attackers to overcome Android’s address space layout randomization security feature that randomizes the location of system executables in memory. The randomization is a bid to stop buffer overflow attacks from being successful.
The flaw exploited by hackers was that Samsung printed kernel pointers in the log file. It is present in unpatched versions of Samsung Android 11, 12 and 13 devices.