We told you about a zero-day vulnerability earlier this month. A zero-day vulnerability is a flaw in software that was not known to the software maker and has not been fixed.
The Exynos Modem 5123, the Exynos Modem 5300, the Exynos 980, the Exynos 1080, and the Exynos Auto T5123 were all vulnerable. With just the phone number of the device they want to get into, attackers can get in.
We know that Pixel 6 and Pixel 7 models were affected, but the March security update for the Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, and Pixel 7 Pro has now fixed the flaw on these phones.
Phones in the Samsung Galaxy S22 line that use the Exynos chip are also affected. The UK and Europe both sold these models. Other Samsung phones with the flaw are from the Galaxy A and Galaxy M lines, which are in the middle price range:
- Galaxy A71
- Galaxy A53
- Galaxy A33
- Galaxy A21s
- Galaxy A13
- Galaxy A12
- Galaxy A04 series
- Galaxy M33
- Galaxy M13
- Galaxy M12
- Galaxy Watch 5 series
- Galaxy Watch 4 series
A few Vivo models are also affected, including the S16, S15, S6, X70, X60, and X30 series.
A Samsung community manager wrote on the Samsung U.S. community site that five of the six flaws found in the Exynos modems mentioned above were fixed in March, and the last one will be fixed next month. Strangely, Samsung first thought that the flaws weren’t that big of a deal.
Last week, the manager of the neighborhood wrote, “Hello, We understand the worry about weaknesses. Samsung cares a lot about the safety of our customers. After figuring out that some Galaxy devices could be affected by 6 vulnerabilities, none of which were “severe,” Samsung put out security patches for 5 of them in March.
In April, another security patch will be released to fix the last security hole. As always, we advise all users to keep their devices’ software up-to-date to make sure they have the best protection possible.”
Until the last security hole is fixed in April, the baseband level of the Samsung and possibly the Vivo phones listed above could be broken. So, Google’s Project Zero research team says that people with phones that are still vulnerable should turn off Voice-over-LTE and Wi-Fi calling (VoLTE).