Samsung and the US Cybersecurity and Infrastructure Security Agency (CISA) have warned users about a recently patched vulnerability that has already been exploited in multiple attacks. CVE-2023-21492 is an ASLR bypass: kernel pointers are printed into log files, so an attacker who can read those logs learns kernel addresses that ASLR is supposed to hide. An address leak on its own does not give code execution, which is why a bug of this kind is likely chained with other bugs, for example a memory-corruption flaw that needs known kernel addresses to be exploited reliably.
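As an added illustration (not code from the article, from Samsung or from Google), the check below scans kernel log lines for the symptom this class of bug produces: raw arm64 kernel virtual addresses in log output. Since Linux 4.15 a plain `%p` prints a hashed, zero-padded value, so a genuine upper-half address in a log line points at a `%px`, a `%lx` cast or similar. The log lines, driver names and addresses are constructed for the example; the 0xffff top-16-bit test assumes an arm64 kernel with the usual upper-half kernel address space.

```python
import re

# Constructed sample log lines (not from any real device or from the advisory).
# Line 1 and line 4 leak real kernel addresses; line 2 shows what a hashed %p
# looks like (32-bit hash, zero-padded to 16 digits); line 3 is an early-boot
# %p before the hash key exists; line 5 is a user-space pointer.
SAMPLE_LOG = "\n".join([
    "[   12.345678] demo_drv: probe ok, dev=0xffffffc012345678",
    "[   12.345700] demo_drv: buffer at 000000001a2b3c4d size=4096",
    "[   12.345710] demo_drv: early ctx (____ptrval____)",
    "[   13.000001] other_mod: ctx=ffffff8009a1b2c0 flags=0x3",
    "[   13.000002] app_proc: user ptr 0x00007f3a1c00d000",
])

# A 64-bit value printed as 16 hex digits, with or without a 0x prefix.
HEX64_RE = re.compile(r"\b(?:0x)?([0-9a-fA-F]{16})\b")


def is_arm64_kernel_va(value: int) -> bool:
    """True when the value lies in the arm64 kernel's upper-half address range.

    Assumption for this example: kernel addresses have their top 16 bits set
    (0xffff....), which holds for the 39/48-bit VA layouts used on arm64.
    Hashed %p output (000000001a2b3c4d) and user pointers (0x00007f...) both
    have those bits clear, so they are not reported.
    """
    return (value >> 48) == 0xFFFF


def find_kernel_pointer_leaks(log_text: str):
    """Return (line_number, token, line) for each unhashed kernel address found."""
    leaks = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in HEX64_RE.finditer(line):
            value = int(match.group(1), 16)
            if is_arm64_kernel_va(value):
                leaks.append((lineno, match.group(0), line.strip()))
    return leaks


def summarize(log_text: str) -> dict:
    """Count leaking lines versus lines that printed a hashed or early-boot pointer."""
    leaks = find_kernel_pointer_leaks(log_text)
    hashed = sum(
        1
        for line in log_text.splitlines()
        if "(____ptrval____)" in line
        or any(not is_arm64_kernel_va(int(m.group(1), 16))
               and m.group(1).startswith("00000000")
               for m in HEX64_RE.finditer(line))
    )
    return {"leaking_lines": len({lineno for lineno, _, _ in leaks}),
            "hashed_or_early_lines": hashed}


if __name__ == "__main__":
    for lineno, token, line in find_kernel_pointer_leaks(SAMPLE_LOG):
        print(f"line {lineno}: kernel address {token} in: {line}")
    print(summarize(SAMPLE_LOG))
```

On a device this would be run over `dmesg` or the kernel buffer as exposed through logcat; the point of the check is not the two sample hits but the distinction it draws, since hashed pointers are harmless for ASLR while a single raw address in a readable log is enough to derive the kernel base once the leaking object's offset is known.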
Samsung patched the bug in its May 2023 security updates and acknowledged that it was first notified of the flaw in mid-January; CISA added it to its Known Exploited Vulnerabilities (KEV) catalog on Friday. CVE-2023-21492 affects Samsung devices running Android 11, 12, and 13. Google’s Threat Analysis Group (TAG) discovered the bug, which suggests it was likely exploited by a commercial spyware vendor. Google’s database of zero-days exploited in the wild lists the bug as discovered in 2021 and records nine exploited Samsung flaws for that year. A 2022 attack that attempted to deliver Android spyware to users in the United Arab Emirates has been linked to Spanish spyware vendor Variston.