The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices. All the flaws have been patched as of 2021.
CVE-2021-25394 (CVSS score: 6.4) - Samsung mobile
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.
The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123
Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks.
The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments."
The security feature, available on Samsung Messages and Google
Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.
The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps.
The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday.
"A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones.
The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue
South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach.
"In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined