“These four vulnerabilities enable Internet-to-baseband remote code execution, which means that a hacker can remotely challenge a device at the baseband level without involving the user.”

Security experts at Google’s Project Zero have found several 0-day vulnerabilities in Samsung Semiconductor's Exynos Modems, which can also enable remote code execution. Tim Wills, a researcher at Project Zero of Google, has shown that a total of 18 vulnerabilities have been found, with four of them being extremely severe.

Also Read, BATLOADER Malware Uses Google Ads for Ursnif and Vidar Stealer

These four vulnerabilities enable Internet-to-baseband remote code execution, which means that a hacker can remotely challenge a device at the baseband level without involving the user.

These vulnerabilities impact a broad array of devices, including Samsung Vivo mobiles, wearables that use the Exynos W920 chipset, and vehicles using the Exynos Auto T5123 chipset.

While patch timelines are expected to vary by manufacturer, users can save themselves from the vulnerabilities of the baseband remote code execution by switching off Wi-Fi calling and VoLTE in their device settings.

End-users are also motivated to update their devices at the earliest to ascertain that they are running the latest issues that fix undisclosed and disclosed security vulnerabilities.

Delaying Disclosures

Project Zero of Google has taken the decision to delay the disclosure of the four most dangerous vulnerabilities due to the potential for attackers to benefit more than defenders if vulnerabilities have to be disclosed.

The remaining fourteen vulnerabilities will be publicly disclosed if they are not fixed even after 90 days. Security experts are urging users to remain vigilant to protect their devices until the latest security updates are available.