Exynos chips have been in the tech news lately, but not for the reasons Samsung would like. Recent reports claim that the South Korean giant has completely ruled out using the Exynos 2500 in the Galaxy S25 series. Now, Samsung confirmed a severe vulnerability in Exynos chips that puts older Galaxy phones and watches in danger.
Samsung’s chip division released a short report this month disclosing the vulnerability. The company mentions that it was discovered and reported by Xingyu Jin, a Google engineer, in mid-July of this year. Samsung labels the vulnerability as “Use-After-Free,” which means that it is memory-related. It exploits a bug in the memory release process that results in improper clearing of certain memory pointers.
These Samsung Galaxy phones and watches are in danger of being hacked
The list of Exynos processors affected by the vulnerability includes the 9820, 9825, 980, 990, 850, and W920. This means that the vulnerable devices to be hacked are the Galaxy S20 series, Galaxy Note 20 series, Galaxy S10 series, Galaxy Note 10 series, Galaxy A21, Galaxy A51, Galaxy A71, Galaxy Watch 5, Galaxy Watch FE, and Galaxy Watch 4. The case of the Galaxy Watch FE is especially severe since the company launched it this year.
The vulnerability in the chips takes advantage of incorrect memory clearing to execute external code. The goal is to obtain system privileges, which allow the attacker to do practically anything. For example, they could enable accessibility permissions to execute attacks through methods such as keylogging or even send screenshots of what you are typing to a remote server, among many other possibilities.
The patch is already rolling out, but the vulnerability has already been exploited
Samsung has already rolled out emergency security patches to fix the vulnerability. However, Xingyu Jin detected cases where criminal actors already used the exploit to execute malicious code. In addition to gaining advanced privileges, the exploit disguised itself as a Samsung system app. So, once installed, it is very difficult to detect using traditional methods.
The report does not include details about who is behind the attack. If you own a Samsung Galaxy phone and/or watch in danger, you should update immediately.
2024-10-30 15:05:49