The Project Zero team at Google talked about serious flaws that could affect Pixel 6 and 7 flagship phones, Samsung smartphones, Vivo, and other wearable devices, most notably smart watches. Fortunately, users have the option to protect their information before the software is updated.
In late 2022 and early 2023, Project Zero identified 18 Exynos modem vulnerabilities. Four of them, including CVE-2023-24033, allow hackers to remotely execute code on users' devices, compromising phones without their participation – it is enough to know the victim's number.
Another 14 vulnerabilities are minor, and require the participation of an unscrupulous mobile network operator or an attacker's "local" access to the device. Project Zero has made an exception to its vulnerability disclosure delay policy due to the high degree of threat and the speed with which attackers may potentially create a working exploit.
Samsung Galaxy smartphones, including the S22, M33, M13, A71, A53, A13, A12, and A04 series; Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro, and all vehicles with Exynos Auto T5123 chipsets.
The most important vulnerability CVE-2023-24033 on some Pixel smartphones has already been addressed by the March security update, released on Monday. However, Pixel 6, 6 Pro, and 6a have not yet received the March update, according to 9to5google. They are still vulnerable.
Project Zero is advising you to disable Wi-Fi and Voice-over-LTE (VoLTE) calls temporarily, pending software updates on all vulnerable phones. According to Sprint / T-Mobile, VoLTE is enabled automatically in Google Pixel smartphones due to updates in 2021, and it is impossible to turn it off by conventional means.
If you notice an error, click on it with the mouse and press CTRL + ENTER.
