Attacked vulnerability in Samsung smartphones running Android 12, 13

B2B Cyber Security ShortNews


One of the vulnerabilities closed by Samsung's May update, CVE-2023-21492, is listed by CISA (the Cybersecurity and Infrastructure Security Agency). According to CISA, the vulnerability is being actively exploited. Samsung's automatic system update remedies the problem.

CVE-2023-21492 is a security hole in Samsung mobile devices caused by the insertion of sensitive information into log files. CISA not only lists the vulnerability but also indicates that it is already being actively exploited. However, there is no further indication of how the exploitation takes place.

Samsung May update closes over 50 gaps

With its May update, Samsung provides users with the fix for this vulnerability. In total, the update closes 4 critical vulnerabilities, 48 high-risk vulnerabilities, and a few moderate bugs. However, Samsung does not describe some of the vulnerabilities, probably because the details would be too sensitive. The vulnerability CVE-2023-21492 is described only as moderate. The description reads: disclosure of kernel pointers in the log file. Kernel pointers printed in the log file before SMR Release 1 May 2023 allow a privileged local attacker to bypass ASLR. The patch removes kernel pointers in the log file.
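As an added illustration (not code from Samsung's advisory or from the original article), the following Python example shows how a defender could audit a collected log dump for the class of leak the patch removes, and redact it before the log is stored or shared. The 64-bit address range, the function names, the `demo_drv` tag and the sample lines are all assumptions constructed for this example.

```python
import re

# Assumption: a 64-bit kernel whose virtual addresses sit in the upper
# canonical half (top 16 bits set). Not taken from Samsung's advisory.
KERNEL_MIN = 0xFFFF_0000_0000_0000
SENTINELS = {0xFFFF_FFFF_FFFF_FFFF}  # -1 as unsigned 64-bit, not a pointer

# 16 hex digits, with or without 0x, not embedded in a longer hex run.
HEX64 = re.compile(r"(?<![0-9A-Fa-f])(?:0[xX])?([0-9A-Fa-f]{16})(?![0-9A-Fa-f])")


def is_kernel_pointer(value: int) -> bool:
    return value >= KERNEL_MIN and value not in SENTINELS


def find_leaks(lines):
    """Return (line_number, hex_text) for every kernel-range value found."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in HEX64.finditer(line):
            if is_kernel_pointer(int(match.group(1), 16)):
                hits.append((number, match.group(0)))
    return hits


def redact(line: str) -> str:
    """Replace kernel-range values so the line no longer reveals layout."""
    def swap(match):
        if is_kernel_pointer(int(match.group(1), 16)):
            return "<kptr-redacted>"
        return match.group(0)
    return HEX64.sub(swap, line)


# Constructed sample lines (hypothetical driver tag, not real device output).
SAMPLE_LOG = [
    "01-01 00:00:01.000  1000  1000 I demo_drv: ctx=0xffffff8008a4c120 ready",
    "01-01 00:00:01.100  1000  1000 I demo_drv: buf ffffffc012345678 len=64",
    "01-01 00:00:01.200  2000  2000 D app: heap at 0x0000007f8c201000",
    "01-01 00:00:01.300  1000  1000 I demo_drv: ret=0xffffffffffffffff",
    "01-01 00:00:01.400  1000  1000 I demo_drv: ctx=0000000000000000 (hidden)",
]

if __name__ == "__main__":
    for number, text in find_leaks(SAMPLE_LOG):
        print(f"line {number}: kernel-range value {text}")
    for entry in SAMPLE_LOG:
        print(redact(entry))
```

User-space addresses, zeroed pointers and the all-ones error value are deliberately left alone, so only values that would help locate the kernel in memory are flagged.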

More at Samsungmobile.com

 
