These Samsung phone flaws have been exploited by spyware

They may be old flaws, but they’re still being exploited, CISA wants

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that flaws in severalSamsungmobile devices have likely already been exploited to by a spyware vendor.

The agency recently added eight new vulnerabilities to itsKnown Exploited Vulnerabilities Catalog, six of which pertain to Samsung Mobile devices, with evidence that they already been exploited in the wild.

Despite all these flaws having been patched by Samsung in 2021, there was no word from the Korean firm on the new revelations from CISA that they have been exploited.

Google joins the fight

The vulnerabilities include CVE-2021-25487, which can be exploited to execute arbitrary code, and was fixed by Samsung in October 2021, as well as CVE-2021-25371, which allows attackers to load arbitrary ELF files inside the DSP driver, and was patched in March 2021.

Both were classified as moderate severity by the electronics giant, although theNVDdid classify the former as high based on its CVSS score.

These fake Android antivirus apps install a dangerous banking trojan>These security flaws could let hackers install anything they wanted in the Samsung Galaxy App Store>The Samsung Galaxy S23 is getting a serious security upgrade that makes it even more appealing

Another vulnerability, tracked as CVE-2023-21492, was also brought to the public’s attention by Samsung and CISA, which can allow a privileged local attacker to bypass the ASLR exploit mitigation technique. This was also patched by Samsung in May this year.

However, researchers atGoogle, who discovered it, claim that it had been known since 2021. In November 2022, Google also found more evidence of exploitation by spyware vendors of vulnerabilities in Samsung mobile devices known since 2021.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It seems that CISA and Google have been tracking the same spyware vendors, and emphasizes the importance of patching software as soon as possible to avoid succumbing to malicious attacks and malware.

It isn’t just Samsung devices that have been targets for threat actors recently, but rather Android devices on the whole. For instance, fake and dangerous apps on theGoogle Play Storeappear to be getting increasingly popular, claiming more and more victims.

To further protect your smart device, you can use the thebest Android antivirus apps, or, if you’re really concerned about maintaining your privacy as well as your security, you may want to consider getting one thebest secure smartphones.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Logitech Brio 105 for Business review

Sihoo Doro S100 ergonomic office chair review

Owl Labs Meeting Owl 4+ review