Google security teams find 18 bugs in mass-level Android phones
Google's security teams have found 18 zero-day vulnerabilities in Samsung's Exynos chips, which are used in popular Android smartphones and wearables.
Google’s security teams have found 18 zero-day vulnerabilities in Samsung’s Exynos chips, which are used in popular Android smartphones and wearables. According to Tim Willis, the head of Project Zero, the four most severe of these bugs allowed for “Internet-to-baseband remote code execution”. Tests conducted by Project Zero confirmed that an attacker could remotely compromise a phone at the baseband level with no user interaction and only the knowledge of the victim’s phone number. Google’s security researchers that “skilled attackers” could quickly create an operational exploit to compromise affected devices silently and remotely.
Google advises users to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings until security updates are available. This will remove the exploitation risk of these vulnerabilities. The affected devices are from Samsung, Vivo, Google (Pixel 6 and Pixel 7 series), any wearables that use the Exynos W920 chipset, and any vehicles that use the Exynos Auto T5123 chipset. Google expects that patch timelines will vary per manufacturer, and affected Pixel devices have already received a fix. Google also encourages users to update their devices as soon as possible to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities.
What is are bugs?
In the context of computer software, a bug is a flaw or error in a program or system that causes it to behave unexpectedly or not as intended. Bugs can occur during the design, coding, testing, or maintenance phases of software development. They can result from mistakes made by programmers, unexpected interactions between different components of a system, or errors in the underlying software or hardware infrastructure.
Bugs can manifest in a variety of ways, such as crashes, incorrect calculations, incorrect behavior or output, security vulnerabilities, or other types of failures. They can range in severity from minor issues that have little impact on the user experience to critical flaws that can cause serious harm, such as data breaches or system failures.
To identify and fix bugs, developers often use various tools and techniques such as testing, debugging, code analysis, and code reviews. In some cases, users may report bugs or issues they encounter while using software, which can help developers identify and address problems. Regular updates and patches are often released to fix bugs and improve software performance and security.