Google and Samsung Phones Have Severe Vulnerabilities

Google's Project Zero recently discovered two critical vulnerabilities that pose a significant threat to the security of Android phones manufactured by Google and Samsung. These vulnerabilities have been classified as "severe," indicating the urgent need for patching to mitigate the risks involved. Failure to do so could result in a serious security breach.
The more serious of the two, by far, affects Exynos modems. It consists of four weaknesses that can lead to significant issues with the Exynos hardware. Hackers can exploit them remotely, knowing only your phone number and without any user interaction. Immediate patching is required to prevent exploitation and compromise of your phone.
Numerous devices from Samsung, Vivo, and Google have been found to be vulnerable to serious zero-day vulnerabilities affecting Exynos chipsets. Among the affected devices are the Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series, the Vivo S16, S15, S6, X70, X60, and X30 series, and Google Pixel 6, 6 Pro, Pixel 6a, Pixel 7, and 7 Pro. Additionally, all wearables that utilize the Exynos W920 chipset and all vehicles that use the Exynos Auto T5123 chipset are also affected. A total of 18 zero-day vulnerabilities were discovered in Samsung's Exynos chipsets, with seven allowing for remote code execution. Immediate patching is required to mitigate these vulnerabilities.
Google has taken immediate action by releasing the March Pixel update to address these vulnerabilities. While the patch has been rolled out to the Pixel 7 Pro, some devices may still be waiting for the update. It's important for owners of affected devices to proactively check for and apply the patch as soon as it becomes available to ensure their device is protected.
How to check for updates on a Google Pixel device
Here are the steps to check for updates on a Pixel phone:
- Open the Settings app on your Pixel phone.
- Scroll down and select the System option.
- Tap System Update.
- If there is an update available, you'll see a notification. Tap Download and Install to start the update process.
It's important to note that some updates may take a while to download and install, so make sure your device has enough battery life and is connected to a Wi-Fi network before starting the update process.
To check for updates on Samsung phones, open the Settings app and look for either the Software or System Updates section. If the March 1, 2023 Security Patch is listed, it means that five out of the 18 vulnerabilities have been addressed (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076).
The remaining vulnerabilities have not yet passed the 90-day deadline or been assigned CVE-IDs. Samsung has also updated its advisories to remove the Exynos W920 SoC as an affected chip, along with the release of the March 1, 2023 update.
What to do if your phone hasn’t received the update yet
It's important to note that turning off VoLTE and Wi-Fi calling should only be done temporarily until your phone receives the necessary security patch. Once you've applied the update, it's safe to turn these features back on. Additionally, if you're not sure how to turn off these features or have any concerns about the security of your phone, it's always a good idea to contact your device manufacturer or carrier for guidance.
Markup tool vulnerability on Google Pixel devices
Google's Project Zero has identified a severe vulnerability in the Markup utility on Pixel phones that could enable hackers to unredact and uncrop edited screenshots. Anyone who frequently takes and shares sensitive screenshots should treat it seriously, as a hacker could exploit it to uncover redacted information and use it for malicious purposes. It is essential to exercise caution while sharing sensitive information.
While sharing screenshots via services that compress and decompress images, such as Twitter, does not expose them to the vulnerability, it is still advised to exercise caution.
Thankfully, Google has addressed the issue with the March Security Update, ensuring that it is resolved for users who have applied the patch. However, users who took screenshots before the update may still be vulnerable. Therefore, it is advisable to delete any such screenshots (from both phone and cloud) containing sensitive information, whether redacted or not.
For those using Pixel or Samsung phones yet to receive patches, it is recommended that you check for updates daily and apply them as soon as possible.
“Do you use Google Photos?”
I do; I find it impossible not to use Google Photos on the Android phone; nevertheless, the “memory” feature is sort of neat. I’ve seen photos from a couple of years ago that offer glimpses into the long-ago, forgotten past. It’s a lot like reviewing journal writing. “What was I doing on such and such a date?”
And, I think, when the “memories” are sorted and positioned, one can create a mini-collage with up to eight photos.
It’s so much easier to share photos with people rather than journal entries.
Nifty!
I delete the photos after 1 month of being taken. All of them are erased to return to the black and silent nothingness. Only the best ones are printed and placed in a very nice site at home. :]
I should buy a Chromebook.
None of the big tech companies are good but at least Google are the least dishonest and morally bankrupt of them. They’re always trying to do the right thing if the money allows it.
In reply to “https://www.ghacks.net/2023/08/19/google-keep-is-getting-a-version-history-but-only-on-the-web/” since the website has gone insane and no one can know where their comment ends up.
This app should be called “Google Keeps it”. Because, they do.
I use Color Notes. No syncing, no internet, just local.
The article said: “[…] positive outcomes of genocide…”. Perhaps the AI was actually discussing the benefits of reading a “Scroll of genocide” … “You feel dead inside.”.
Martin, this post reply is supposed to belong: [https://www.ghacks.net/2023/08/22/googles-ai-search-generates-horribly-misleading-answers/] (given the database is faulty it could appear anywhere or nowhere).
I have yet to be impressed with AI of any kind. I think it’s overhyped and not ready to live up to it.
How to use AI: Avoid the artificial stupidity at all times.
“When searched “Why guns are good,” it also prompted questionable responses, including potentially questionable statistics and reasoning. ”
Based on whose reasoning? These sorts of assertions are generally bullcrap intended to advance an agenda. If you don’t like guns, say so. Meanwhile, there are 400 million firearms in the US owned by close to a third of the population and around 20 million carry concealed.
So your opinion is not shared by a LOT of people who either enjoy firearm sports or are concerned about self-defense or both.
Wow. Ghacks still hasn’t fixed the broken comments system where old comments from a different article appear. Sad to see you slowly turn to dust since the buyout.
@Seeprime,
For over two weeks now,
I’ve been seeing “Comments” posted by subscribers appearing in different, unrelated articles.
https://www.ghacks.net/windows-11-update-stuck-fixed-for-good/#comment-4572991
https://www.ghacks.net/windows-11-update-stuck-fixed-for-good/#comment-4572951
For the time being,
it would be better to specify the “article name and URL” at the beginning of the post.
This guns comment came up in the Pixel watch repair post and I was bewildered as to what was the connection between the two.
goog = skynet
“human beings” = \slaves\
This info is so NOT correct.
I so do not want google in my life that I have NEVER downloaded chrome and I do NOT have ANY google accounts.
My browser is set to clear all cookies, cache and history every time I close it, which is every day, and I still get these world takeover login prompts on every site I go to.
So I CAN'T go to google accounts and turn it off.
If this info were truly accurate I wouldn't be getting these pop ups AT ALL.
Thanks @Ashwin for the article! :]
Anyone who continues to use these big tech scum’s cloud services deserves what they get.
Given Ghacks’ comments’ database problems I precise :
I’m commenting the article “Google is in trouble with YouTube Shorts – gHacks Tech News” by Emre Çitak
at [https://www.ghacks.net/2023/09/04/googles-youtube-shorts-problem/]
—
About the article’s question, “What do you think about YouTube Shorts?” (BTW first time I read here any other writer other than Martin Brinkmann directly asks the audience its opinion, and that’s just fine) :
YouTube Shorts may suit smartphones (which I don’t use) but on a PC they are not my cup of tea, to put it mildly.
From what I read a bit everywhere, opinions are shared : love or hate. For those who dislike many scripts and dedicated browser extensions have been developed to handle them (removal or redirect to standard video display).
I don’t view YouTube videos on YouTube but via a Piped or a Piped-Material YouTube front-end instance and these offer on search results and on channels the option to view Videos-Shorts-Livestreams-Playlists-Channels ; well, I practically never open the ‘Shorts’ display. I don’t like shorts (except in summer, hmm), I dislike the concept, fast-videos after fast-food, fast, faster … to bring what? Emptiness, IMO
Does that answer your question, @Emre Çitak :)
I despise YouTube Shorts. So much in fact, I use custom adblock rules in Brave Shields to remove that crap.
youtube.com##ytd-grid-video-renderer:has([href*="shorts"])
youtube.com###dismissible:has([href*="shorts"])
There’s an extension for Firefox and Chrome browsers called “Youtube-shorts block”, re-opens the video in a normal window. :)
https://addons.mozilla.org/en-US/firefox/addon/youtube-shorts-block/
https://chrome.google.com/webstore/detail/youtube-shorts-block/jiaopdjbehhjgokpphdfgmapkobbnmjp
ps. say NO to Shorts, it only encourages shooting vertical-videos which doesn’t go well with many desktop displays… except when shooting vertical objects, such as ahem… pretty ladies. :)
Page source shows that ghacks is still using WordPress as the platform. Knowing, more or less, how it works at the DB level I am not sure how one could mess up comments this badly. It is actually very difficult.
Google is the big leader of everything. Indeed it can actually buy Amazon, Disney, Netflix, X and whatever other company. I wonder what could happen if Google starts to build airspace ships in order to conquer the Moon. I bet that Google would be the first to offer free WiFi at the Moon. Please fix the comments.
This comment is inside the article:
[https://www.ghacks.net/2023/09/04/what-is-google-synthid-and-how-does-it-work/]
This “analysis” is disappointingly shallow and trivial. Why not include other factors like job level, responsibilities, full-time/part-time, qualifications, etc.? Because the conclusions probably wouldn’t fit the current leftist/feminist narrative. You don’t find what you don’t look for.
Misleading statistics.
Wage should be based on the amount of time, works, thinking (brain > muscle), responsibilities etc
Not skin pigmentation or your genitalia. There could be correlations, but not causations.
“Google maintains that it provides a superior product”
That is also Mozilla’s official position in defense of Google against the people, on that question of search engine abuse of dominant position by Google.
The funniest part is that not only it’s false regarding actual competitors, but even among not-actual-competitors there are meta-search engines that use exactly the same engine, just minus the tracking, so Google is clearly the inferior one compared to those already. But maybe what Google is saying is that it is the surveillance and bubbling that would make their engine superior. False again even without considering the damage those do.
“Google increases Chromebook support to 10 years”
I mean that’s great and all, but imagine using a browser-based, highly internet-dependent OS such as chrome. I’ve never used chromeOS but have seen it in person and read about it, just seems like ultra-limited user experience which relies on the concept that “most things can be done in a browser”.
What is there to support? It's just a glorified web browser.
“Google launched Chromebooks in 2012 as low-cost devices and the company has had great success in the education world, especially in the United States.”
Happy tracking for all those unsuspecting children. And help normalize surveillance for those young brains. Well done Google.
No, AltaVista’s Search engine wasn’t difficult to use in the mid-nineties, and Yahoo didn’t own AltaVista either during the 1990s. Yahoo!, was a Web Directory. I was alive then and have actually used those engines, during that era, I should know if they were easy to use. So tell the angels what you’ve seen, scarecrow shadow on the Nazarene.