A zero-day vulnerability, tracked as CVE-2024-44068, was found in Samsung’s mobile processors allowing for arbitrary code execution. The critical bug was patched in Samsung’s October security updates and affects Exynos 9820, 9825, 980, 990, 850, and W920 processors. Google researcher Xingyu Jin reported the flaw, with an exploit chain discovered in the wild by Google TAG researcher Clement Lecigne. The exploit allows for privilege escalation via a use-after-free bug in the mobile processor, leading to arbitrary code execution in a camera server process.
read full article
We do not own the rights to this content & no infringement intended, CREDIT: The Original Source: www.darkreading.com
Trendzz Only Comment:
The analysis of the article highlights a critical zero-day vulnerability, CVE-2024-44068, found in Samsung’s mobile processors that allows for arbitrary code execution. This vulnerability, with a CVSS score of 8.1, was patched in Samsung’s October security updates. The bug, identified in the m2m scaler driver in various Samsung processors, leads to privilege escalation. Google researchers reported the flaw, warning about an existing exploit. The exploit enables attackers to execute code in a privileged camera server process, renaming it for anti-forensic purposes. This highlights the importance of timely patching to mitigate such security risks.
.