Samsung will patch the last dangerous Exynos modem vulnerability in April
Earlier this month we told you about a zero-day vulnerability, meaning a flaw that was previously unknown to the software vendor and has not been patched. The vulnerability affected the Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123. Armed with nothing but the targeted device's phone number, attackers can access the device.
We know that Pixel 6 and Pixel 7 models were affected, but the flaw has been patched on these phones with the March security update which has now been released for the Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7 and the Pixel 7 Pro. Other phones affected include Exynos-powered phones in the Samsung Galaxy S22 line. These models were sold in the U.K. and Europe. Other Samsung phones with the flaw include models in the mid-range Galaxy A and Galaxy M lines:
- Galaxy A71
- Galaxy A53
- Galaxy A33
- Galaxy A21s
- Galaxy A13
- Galaxy A12
- Galaxy A04 series
- Galaxy M33
- Galaxy M13
- Galaxy M12
- Galaxy Watch 5 series
- Galaxy Watch 4 series
Also affected are a few Vivo models such as the S16, S15, S6, X70, X60, and X30 series.
A Samsung community manager posted on the Samsung U.S. community site and said that five out of the six vulnerabilities found in the aforementioned Exynos modems were patched in March and the remaining flaw will be patched next month. Interestingly, Samsung initially came to the conclusion that the flaws were not severe.
A Samsung community manager says that the flaw will be completely patched next month
The community manager wrote last week, "Hello, We understand the concern of vulnerabilities. Samsung takes the safety of our customers very seriously. After determining 6 vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for 5 of these in March. Another security patch will be released in April to address the remaining vulnerability. As always, we recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible."
Until the last vulnerability is patched in April, the Samsung and possibly the Vivo handsets listed above are at risk of being compromised at the baseband level. Thus, Google's Project Zero research team recommends that users of phones still vulnerable should disable Wi-Fi calling and Voice-over-LTE (VoLTE).