The Google Project Zero team, a group of security analysts, discovered 18 zero-day vulnerabilities in Samsung Exynos modems produced between late 2022 and early 2023.
Four of those zero-day vulnerabilities are severe, highly concerning flaws. If a malicious actor decides to take advantage of them, it's over. They could potentially gain remote access to your phone and wreak havoc on your device.
Which phones are affected by the Samsung Exynos flaw?
According to Google's Project Zero team, here's a list of the affected phones:
- Vivo devices, including S16, S15, S6, X70, X60, and X30
- The Google Pixel 6 and 7 series
- Samsung Galaxy devices, including S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
As HowToGeek pointed out, Samsung dropped Exynos for the Galaxy S23 series, so fortunately, this line remains unaffected.
As mentioned at the outset, four vulnerabilities were labeled as "severe" because they allowed for Internet-to-baseband remote code execution. In other words, hackers could remotely break into vulnerable phones with nothing but the victim's phone number. Yikes! What's worse is that "skilled attackers" can remotely compromise affected devices silently, which means victims won't even know that their phones are being exploited behind the scenes.
Is there a fix?
As of this writing, for most phones, there isn't a patch for these alarming security vulnerabilities, but there is a workaround you can employ to protect yourself. Head to Settings and do the following:
1. Disable Wi-Fi calling.
2. Turn off Voice-over-LTE.
Pixel 7 users are the only lucky ones here; Google rolled out a patch for the flaw in its March update. The Project Zero team says that patch timelines will vary for every phone manufacturer.