Google’s Project Zero bug-hunting team has discovered roughly 18 security flaws affecting Exynos modems, which, when combined, could potentially enable a hacker to gain complete access to a smartphone without the user’s knowledge. All the attacker would need is the phone number associated with the targeted device. According to Google, several devices are at risk of such attacks.
The bug responsible for the security vulnerabilities in Exynos modems has been resolved in the March security update, which has been released for the Pixel 7 series. However, the Pixel 6 series has yet to receive the update, and Google recommends that users with unpatched devices disable VoLTE and Wi-Fi Calling. According to the head of Project Zero, a user’s device could be compromised without their knowledge, and it could be relatively easy for some attackers to locate and exploit the vulnerability.
While the most severe vulnerability has been fixed, there are still fourteen other vulnerabilities that pose a risk to users. These include CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076, and nine others awaiting CVEs. Although these vulnerabilities are not as critical as the main exploit, they still have the potential to harm end users.