Conversation

!!! UPDATE YOUR PHONE NOW !!!

RCE exploit

Samsung Galaxy phones including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series
Vivo phones including those in the S16, S15, S6, X70, X60, and X30 series
Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro
Any wearables that use the Exynos W920 chipset
Any vehicles that use the Exynos Auto T5123 chipset

Project Zero reported 18 vulnerabilities in Exynos modems in late 2022 and early 2023. Four of the vulnerabilities, including CVE-2023-24033, involve internet-to-baseband remote code execution
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

Project Zero is making a “policy exception to delay disclosure for the four vulnerabilities that allow for internet-to-baseband remote code execution.” This is “due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted.”

https://9to5google.com/2023/03/16/google-exynos-modem-vulnerabilities/