Android
[Samsung Responded] Severe Exynos modem vulnerabilities found, these models are affected
Google Project Zero team found severe 0-day vulnerabilities with the Samsung Exynos modem. Affected Exynos modem used in various Samsung devices including the Galaxy S22 series along with the Google Pixel 6a/6/6 Pro and Galaxy wearables.
Follow our socials → Google News, Telegram, Twitter, Facebook
According to the information, Project Zero reported 18 vulnerabilities in Exynos modems in late 2022 and early 2023. And notably, four of the flaws, including CVE-2023-24033, involve internet-to-baseband remote code execution:
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.
Among 18, 14 are not considered as severe because they “require either a malicious mobile network operator or an attacker with local access to the device.” The team is making a “policy exception to delay disclosure for the four vulnerabilities that allow for internet-to-baseband remote code execution.”
Affected devices
Samsung Semiconductor (January 2023) data reveals that Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123 are affected chipsets.
Google compiled a list of likely affected products:
Samsung Galaxy:
- S22 series
- M33
- M13
- M12
- A71
- A53
- A33
- A21
- A13
- A12
- A04 series
- Watch 4 series
- Watch 5 series
Google:
- Pixel 6 and 6 Pro
- Pixel 6a
- Pixel 7 and 7 Pro
Vivo:
- S16
- S15
- S6
- X70
- X60
- X30 series
Wearable:
- Any wearables that use the Exynos W920 chipset
Vehicle:
- Any vehicles that use the Exynos Auto T5123 chipset
Samsung March 2023 Patch
Samsung detailed the March 2023 security patch earlier this month, which doesn’t provide fixes to the severe CVE-2023-24033 vulnerability. At the same time, Google listed the CVE in its March 2023 Android security bulletin, which started to roll out to Pixel devices on Monday.
Here’s what Samsung said:
At the end of last year, we received a security issue notification for Google project zero, and Samsung has provided all customers with a patch version for this vulnerability, and the related issues have now been resolved.
| Via |
Android
Android 15 AOSP release: What it means for Samsung One UI 7
Google pushed Android 15 to AOSP ahead of rollout to Pixel phones. Android vendors will now be able to use Android 15 as the base and tailor the experience. It’s a significant development for Samsung users waiting for the One UI 7 Beta update.
Samsung is continuously improving the One UI 7 experience through internal testing. The new OS’s AOSP availability will accelerate the testing for Galaxy devices. One UI 7 will have Android 15 as the base featuring modifications as per needs.
One UI is known as the most feature-rich Android skin in the market. One UI 7 is expected to debut unique features and customizations. AOSP release also ensures new Android 15 features would be incorporated into One UI.
Samsung developers would have been exploring new possibilities and experimenting with features. The latest additions would benefit the entire Galaxy community as well as other Android vendors as inspiration for a better user experience.
Pay attention, AOSP releases often include security patches to address vulnerabilities. Samsung has its own mechanism of security updates but it too relies on Android’s. Therefore, faster security updates likely follow the AOSP debut.
AOSP:
Simply put, AOSP is a general availability of Android 15 for modifications. Google has completed the Beta testing of the new OS and the QPR program has also started for Pixels. It’s now Android vendors’ turn to deploy the new update on their devices.
Google notes Android 15 will be available on Pixel devices in the coming weeks, as well as on select devices from Samsung, Honor, iQOO, Lenovo, Motorola, Nothing, OnePlus, Oppo, realme, Sharp, Sony, Tecno, vivo, and Xiaomi in the coming months.
Android
Android’s September 2024 System update is here for Galaxy, Pixel
Google just detailed Android’s September 2024 System update. It will arrive on countless Android devices, bringing new features and improvements. Samsung Galaxy devices should start getting it immediately after the rollout begins.
The September 2024 System update is applicable on Play Services and Play Store. Developer Services reported having a bug, which is getting fixed. Wallet users in Japan will be able to use JCB Contactless payment methods.
The release adds a new feature that guides you on using Quick Share. The sharing platform is also enhancing with the addition of a new flow for file receiving page. The Quick Share will also add UI tweaks that you will observe when you receive files.
Google Play services v24.34
Developer Services
- [Phone] Bug fixes for Developer Services related services.
Device Connectivity
- [Phone] With this new feature, you’ll get instructions on how to use Quick Share.
- [Phone] With updates to Quick Share, you’ll get a new flow when you receive files.
- [Phone] With this new feature, you’ll get UI updates when you receive files through Quick Share.
Wallet
- [Phone] With this new feature, you’ll be able to use JCB Contactless payment methods in Japan.
Apart from Play Services, Google also detailed changes coming to the Play Store. Unlike the Play Services, these improvements and new features are applicable across devices including PC (ChromeOS), Android phones, and TVs (Android).
Google Play Store v42.6
- [PC, Phone, TV] With improvements to Google Play Protect, you’ll get protection from more harmful apps.
- [Phone] With this new feature, you’ll be able to see your Play Points status at the top of the App Details page.
- [Auto] When you open the Play Store sign-in page for Android Auto, you’ll see a banner image with app icons that explains the benefits of Play Store.
Android
Samsung Android 15 Update: One UI 7 Ineligible Devices [LIST]
Not all Samsung devices will be eligible for the upcoming Android 15-based One UI 7 update. It’s expected to come with many new features and improvements. Some older and lower-end models of the Galaxy A, M, and F series have reached the end of life.
Samsung is famous for its excellent after-sales service and software support. The company announced that it will provide up to 7 years of major OS upgrades and security updates for its flagship devices, starting with the Galaxy S24 series.
This will allow Samsung users to enjoy the latest features and security enhancements for a long time. However, these devices will still receive security patches for another year, but they will miss out on the new features and benefits of One UI 7.
Samsung Android 15 One UI 7 Ineligible Device List
The following is the list of Samsung devices that will not get the Android 15 One UI 7 update:
Galaxy A series
- Galaxy A04s
- Galaxy A13
- Galaxy A23
- Galaxy A72
- Galaxy A52
- Galaxy A52 5G
- Galaxy A52s
Galaxy M series
- Galaxy M53 5G
- Galaxy M33 5G
- Galaxy M23
Galaxy F series
- Galaxy F23
If you own any of these devices, you may want to consider upgrading to a newer model that will support One UI 7 and beyond.
Note: The list is compiled on software update policy and previous rollouts.
Samsung is internally working on the Android 15 One UI 7.0 update. Dozens of Galaxy devices are eligible for this major upgrade, forming a pretty big rollout later this year. However, SDC24 is set to be held on October 3, when One UI 7 could go official.