Evidence was collected by Google’s Project Zero team from a commercial surveillance vendor that shows there is an exploitation chain for multiple Samsung devices.
An attacker can gain access to kernel read and write rights through this, which can disclose data. A commercial surveillance vendor allegedly targeted Samsung cellphones and exploited three zero-day security flaws, according to data supplied by Google Project Zero.
These were found using the devices’ specialized software, and they were all combined into one exploitation chain. According to the team’s findings, since the attackers will be the root user, it will grant them access where they can acquire kernel read and write privileges.
The Exynos-equipped Samsung phones running a certain kernel version, according to Google Project Zero Security Researcher Maddie Stone, were primarily targeted in the exploit chain.
These phones are currently available on the market in a variety of locations, including Europe, the Middle East, and Africa. The Samsung S10, A50, and A51 are the smartphones that are impacted by this, she stated.
According to reports, the problems have already been fixed. An Android app that fooled some users into installing outside of the Google App Store took use of the flaws. According to the study, the “malicious” software allowed the attackers to escape the application’s sandbox, which is intended to protect user activities and access to the device’s operating system.
“The cornerstone of this chain was the first vulnerability in the chain, the arbitrary file read and write, which was used four times and at least once in each phase.
Despite running at such a privileged level in Android devices, security researchers don’t frequently target Java components, “said Stone.