The US Cybersecurity and Infrastructure Security Agency (CISA) is warning of active exploitation of a moderate-severity flaw affecting Samsung devices.
The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), affects certain Samsung devices running Android versions 11, 12, and 13.
The South Korean electronics giant describes the issue as an information disclosure flaw that could be exploited by privileged attackers to bypass address space layout randomization (ASLR) protections.
ASLR is a security technique designed to thwart memory corruption and code execution flaws by randomizing the location of executable code in device memory.
Samsung, in an advisory released this month, said it had been “notified that an exploit for this issue already exists in the wild,” adding that the flaw was privately disclosed to the company on January 17, 2023.
Other details about how the flaw is being exploited are currently unknown, but vulnerabilities in Samsung phones have been weaponized by commercial spyware vendors in the past to spread malicious software.
Back in August 2020, Google Project Zero also demonstrated a remote zero-click MMS attack that exploited two buffer overwrite vulnerabilities in the Quram qmg library (SVE-2020-16747 and SVE-2020-17675) to defeat ASLR and achieve code execution.
Given the active abuse, CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, alongside two Cisco IOS flaws (CVE-2004-1464 and CVE-2016-6415), and urged Federal Civilian Executive Branch (FCEB) agencies to apply the patches by June 9, 2023.
Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest being a 13-year-old bug impacting Linux (CVE-2010-3904) that could allow an unprivileged local attacker to elevate their privileges to root.