- CISA warns about a security flaw affecting Samsung devices.
- The security flaw is identified as (CVE-20223-21492).
- The devices have been used in attacks to bypass ASLR.
U.S.A.’s Cybersecurity & Infrastructure Security Agency (CISA) has warned about a security flaw affecting Samsung devices. The devices have been used in attacks to bypass Android address space layout randomization protection.
For starters, Android address space layout randomization protection (ASLR) is a memory protection procedure for operating systems that protect against buffer-overflow attacks by randomizing the location where system executables are located in memory.
ASLR is capable of putting address space targets in a randomized location. if the attacker tries to utilize a wrong address space location, the app will crash, stopping the attack and will notify the system.
Moving on, the security vulnerability identified as (CVE-20223-21492) affects Samsung handsets running Android 11, 12, and 13. It is due to the position of sensitive information in log files. The info can be used by local attackers with high privileges to conduct an ALSR bypass which would then enable the utilization of memory management issues.
Although, Samsung did address this issue in its monthly security updates and ensured that the kernel pointers are no longer printed in the log files. Samsung says, in its May 2023 Security Maintenance Release advisory (SMR), that the company was informed about the vulnerability existing in the wild.
The company did not reveal any information about the CVE-20223-21492 exploitation, and like these, security flaws are frequently exploited as a part of a system exploit chain in highly targeted activities. For example, recently, two series of attacks were revealed by Amnesty International & Google’s own Threat Analysis Group.
The attack employed utilizes chains of Android, iOS, and Chrome vulnerabilities to install commercial spyware, and one of those campaigns targeted the Samsung user base in the United Arab Emirates (UAE).
Furthermore, U.S Federal Civilian Branch Agencies have been given a three-week deadline, till June 9 so, to secure the Samsung Android handsets from the attacks that are utilizing CVE-20223-21492 after the CISA added the flaw to its list of Known Exploit Vulnerability.
Well, this falls in line with the binding operational directive issued in November 2022 that requires federal agencies to address all flaws added to the CISA’s KEV list expires before the deadline expires.
However, this is more for Federal agencies. With that being said, private enterprises should also be prioritizing addressing vulnerabilities listed in the security agency lists of bugs exploited in attacks.