The Cybersecurity and Infrastructure Security Agency (CISA) broadened its catalogue of vulnerabilities on Thursday, adding eight flaws. These include two exploited by a variant of the Mirai botnet in D-Link routers and access points. The more concerning part of the list is six distinct security flaws found in Samsung mobile devices. Samsung patched these flaws in 2021, but their reemergence indicates ongoing risk.
The specifics of the vulnerabilities
Among the listed vulnerabilities is CVE-2021-25487, a flaw in the modem interface driver that could permit unauthorized code execution. Although Samsung rated the bug ‘moderate’, the National Vulnerability Database (NVD) has tagged it as ‘high severity’ based on its CVSS score. This flaw, fixed in October 2021, reappeared in the CISA list, which is alarming.
Samsung’s October 2021 patch batch also rectified CVE-2021-25489, a low-severity bug that could provoke a Denial of Service (DoS) condition in the modem interface driver.
Furthermore, the CISA list includes CVE-2021-25394 and CVE-2021-25395, moderate-severity bugs in the MFC charger driver that Samsung had previously addressed in May 2021.
The final two, CVE-2021-25371 and CVE-2021-25372, are vulnerabilities within the DSP driver that allow potential attackers to load arbitrary ELF files or perform out-of-bounds access, respectively. Samsung had patched these back in March 2021.
Threat of commercial spyware exploitation
Samsung hasn’t refreshed its old advisories to alert users about these vulnerabilities, and they have not been publicly reported. However, CISA suspects that a commercial spyware vendor may have exploited these Samsung mobile device vulnerabilities.
Recent advisories by Samsung and CISA underscored the risk of CVE-2023-21492, a kernel pointer exposure issue that could enable a privileged local attacker to bypass the ASLR exploit mitigation technique. Google researchers, the discoverers of this vulnerability, indicated it’s been known since 2021.
Last November, Google revealed three similar Samsung phone vulnerabilities, all exploited by an unnamed spyware vendor against Android devices. These flaws, patched in March 2021, were being exploited while they still had zero-day status.
The recurrence of these vulnerabilities suggests that spyware vendors whose activity Google watches have likely exploited the flaws that CISA added to its catalogue this week.
Urging users to stay updated and secure
The community expects Samsung to refresh its advisory to alert its user base about these potential security lapses, and users should immediately act to secure their devices. If these vulnerabilities persist, users may face an imminent threat, potentially from spyware vendors.