Sat Oct 26 2024

Some Samsung Exynos phone chips exhibit a concerning security vulnerability.

Are nation-states exploiting vulnerabilities in Samsung smartphones?

Cybersecurity investigations have uncovered a serious vulnerability in the processors of certain Samsung smartphones. This flaw allows threat actors to escalate privileges and potentially install malware on the affected devices. The vulnerability was identified by Google's Threat Analysis Group (TAG), which reported it to Samsung. Samsung issued a fix on October 7 and released a security advisory regarding it.

The flaw, classified as a use-after-free vulnerability and tracked as CVE-2024-44068, received a severity rating of 8.1, indicating high risk. It affects Samsung's Exynos mobile processors 9820, 9825, 980, 990, 850, and W920.

Affected Samsung devices include parts of the S10 series, Note 10 and 10+, as well as the S20 series, in addition to the Galaxy A51 5G and A71 5G. The Exynos W920 is primarily used in wearable devices, such as Samsung's Galaxy Watch series.

TAG researchers have noted that this vulnerability is being actively exploited as part of a broader chain involving other bugs. According to the technical report, “this zero-day exploit is part of a privilege escalation (EoP) chain.” The malicious actor can execute arbitrary code in a privileged cameraserver process and has renamed the process to 'vendor.samsung.hardware.camera.provider@3.0-service' to evade forensic analysis.
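A triage check for the process renaming described above, as an added example that is not taken from TAG's report or Samsung's advisory: it flags any process that reports the camera-provider name while its executable has a different basename. The snapshot format, PIDs and file paths are constructed assumptions; only the process name comes from the article.

```python
import posixpath

# Process name the article says the exploit assigned to the compromised process.
WATCHED_NAMES = {"vendor.samsung.hardware.camera.provider@3.0-service"}

# Constructed sample, one process per line:
#   pid | argv[0] from /proc/<pid>/cmdline | link target of /proc/<pid>/exe
# PIDs and paths are illustrative assumptions, not values from the article.
SAMPLE_SNAPSHOT = """\
812|/vendor/bin/hw/vendor.samsung.hardware.camera.provider@3.0-service|/vendor/bin/hw/vendor.samsung.hardware.camera.provider@3.0-service
1047|vendor.samsung.hardware.camera.provider@3.0-service|/system/bin/cameraserver
1203|com.example.app|/system/bin/app_process64
1388|vendor.samsung.hardware.camera.provider@3.0-service|
"""

def parse_snapshot(text):
    """Return (pid, reported_name, exe_path) tuples; reject malformed lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != 3 or not parts[0].isdigit():
            raise ValueError(f"malformed snapshot line: {line!r}")
        rows.append((int(parts[0]), parts[1], parts[2]))
    return rows

def classify(reported_name, exe_path):
    """Compare the name a process reports with the binary it actually runs."""
    claimed = posixpath.basename(reported_name)
    if claimed not in WATCHED_NAMES:
        # App processes legitimately report a package name while running
        # app_process, so only watched names are compared.
        return "ignored"
    if not exe_path:
        return "unverified"  # exe link unreadable: cannot confirm the claim
    return "ok" if posixpath.basename(exe_path) == claimed else "mismatch"

def find_suspects(text):
    """List watched-name processes that fail or cannot complete the check."""
    suspects = []
    for pid, name, exe in parse_snapshot(text):
        verdict = classify(name, exe)
        if verdict in ("mismatch", "unverified"):
            suspects.append((pid, verdict, exe))
    return suspects
```

A `mismatch` result is a lead for deeper forensic review rather than proof of compromise, and an `unverified` result means the snapshot was taken without enough privilege to read the executable link.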

While details about the identity of those abusing this vulnerability were not provided, it is noteworthy that TAG typically tracks state-sponsored threat actors. This suggests that a similar group is likely behind this attack.

Nation-states often engage in cyber espionage and identity theft, so the attacker exploiting this vulnerability may be attempting to install an infostealer or a tracker on a Samsung device.