U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Samsung zero-day flaw actively exploited in the wild

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate […]

Samsung MagicINFO CVE-2025-21043

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild.

Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild.

The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.

A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices.

Samsung addressed the vulnerability with the release of security updates in October 2024

“A Use-After-Free in the mobile processor leads to privilege escalation.” reads the advisory published by the Korean multinational conglomerate.

The company did not confirm that the vulnerability is actively exploited in the wild.

Affected versions include Exynos 9820, 9825, 980, 990, 850, W920.

The vulnerability was discovered by the researchers Xingyu Jin from Google Devices & Services Security Research and Clement Lecigene from Google Threat Analysis Group.

The fact that Google TAG discovered the flaw suggests that commercial spyware vendors may have used the exploit to target Samsung devices.

The advisory published by Google Project Zero warns of the availability of a zero-day exploit that is part of an Eòlevation of Privilege chain.

“This 0-day exploit is part of an EoP chain. The actor is able to execute arbitrary code in a privileged cameraserver process. The exploit also renamed the process name itself to “vendor.samsung.hardware.camera.provider@3.0-service”, probably for anti-forensic purposes.” states Google Project Zero.

Google researchers reported that the vulnerability explained that the issue resides in a driver that provides hardware acceleration for media functions like JPEG decoding and image scaling.

“By interacting with the IOCTL M2M1SHOT_IOC_PROCESS, the driver which provides hardware acceleration for media functions like JPEG decoding and image scaling may map the userspace pages to I/O pages, execute a firmware command and tear down mapped I/O pages.” continues Google Project Zero.

The exploit works by unmapping PFNMAP pages, causing a use-after-free vulnerability, where I/O virtual pages may map to freed physical memory. Then the exploit code uses a specific firmware command to copy data, potentially overwriting a page middle directory (PMD) entry in a page table. This can lead to a Kernel Space Mirroring Attack (KSMA) by spamming page tables, manipulating kernel memory, and exploiting the freed pages.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Samsung)