Samsung devices affected by an ASLR bypass vulnerability

May 24, 2023

CISA posted earlier this week about a security flaw that could impact Samsung devices. The vulnerability lies in Android’s address space layout randomisation (ASLR) protection, which threat actors could bypass.

ASLR is an Android security feature that randomises the memory addresses at which OS components and key applications are loaded into the device’s memory. It makes life harder for threat actors, who could otherwise easily exploit memory-related flaws and launch attacks such as return-oriented programming, buffer overflows, or other memory-dependent exploits.

The flaw that targets Samsung devices affects several Android versions.

CVE-2023-21492, the flaw that could impact Samsung, affects devices running Android 11, 12, and 13 because sensitive data is included in log files. Threat actors with admin-level privileges could use that sensitive information to conduct an ASLR bypass. The bypass could in turn enable an attacker to exploit memory-management issues.

The affected company addressed the issue by ensuring kernel pointers can no longer be displayed in log files. The tech giant stated they have already received a notice regarding the issue impacting their devices.
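The fix described above (no kernel pointers in log files) can be checked from the defender's side with a log audit. The following is an added example, not code from Samsung, CISA, or this article; it assumes a 64-bit kernel whose addresses start with `0xffff`, and the driver name `exampledrv` and all log lines are constructed.

```python
import re

# Assumption: 64-bit (arm64/x86-64) kernel, where kernel virtual addresses
# occupy the top of the address space and start with 0xffff....
KERNEL_MIN = 0xFFFF_0000_0000_0000
# Values in the last 4095 bytes are negative errno codes (ERR_PTR range),
# not addresses, so they are not reported.
ERRNO_MIN = 2**64 - 4095

# Exactly 16 hex digits, optional 0x, not embedded in a longer hex run.
HEX64 = re.compile(r"(?<![0-9A-Fa-f])(?:0x)?([0-9A-Fa-f]{16})(?![0-9A-Fa-f])")

def is_kernel_pointer(token):
    value = int(token, 16)
    return KERNEL_MIN <= value < ERRNO_MIN

def find_kernel_pointers(lines):
    """Return (line_number, hex_string) for every raw kernel address found."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in HEX64.finditer(line):
            if is_kernel_pointer(match.group(1)):
                hits.append((number, match.group(1).lower()))
    return hits

def redact(line):
    """Replace raw kernel addresses so the log can be shared safely."""
    return HEX64.sub(
        lambda m: "<kptr>" if is_kernel_pointer(m.group(1)) else m.group(0),
        line,
    )

# Constructed sample lines, not taken from any real device or from the CVE.
SAMPLE_LOG = [
    "[   12.301] exampledrv: buffer mapped at ffffffc012a4b000 len=4096",
    "[   12.305] exampledrv: handle=00000000a1b2c3d4 ready",   # hashed %p style
    "[   12.410] exampledrv: ioctl failed ret=fffffffffffffff2",  # -14 as hex
    "[   12.512] exampledrv: ctx 0xffffff8008123456 freed",
    "[   12.600] build id 3f9a0c1e5b7d2a4468c0e1f2a3b4c5d6e7f80912",  # 40 hex digits
]

if __name__ == "__main__":
    for number, address in find_kernel_pointers(SAMPLE_LOG):
        print(f"line {number}: raw kernel address {address}")
        print("  redacted:", redact(SAMPLE_LOG[number - 1]))
```

Hashed pointer values, errno codes printed as hex, and longer hex strings such as build IDs are deliberately not flagged, which keeps the audit usable on noisy logs.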

Samsung did not provide details regarding CVE-2023-21492, but experts claimed that threat groups could often abuse the vulnerability to execute a complex operation in highly targeted campaigns.

One example is the March incidents, in which a couple of cybercriminal operations used an exploit chain against Android, iOS, and Chrome flaws to deploy spyware. Among those affected by the campaign were Samsung users in the UAE.

The exploit has now reached the government’s attention: the US administration gave US Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to secure their Samsung devices against the CVE-2023-21492 exploit. The deadline started when CISA revealed the critical vulnerability to the public.

This requirement aligns with a binding operational directive issued in November last year, under which the US government required its federal agencies to address all flaws added to the Known Exploited Vulnerabilities (KEV) list before reaching the deadline.

Experts recommend that private organisations follow government agencies’ steps to avoid infections and compromises caused by a critical vulnerability.
