Security researchers have discovered several serious security vulnerabilities on Google, Samsung and Vivo devices, which are supposed to make it possible for criminals to install malware on the devices and even gain full control over them (CVE-2023-24033). Until now, the vulnerabilities can only be closed by updates on some devices.
We strongly recommend you to install available updates and make changes in settings on other devices. Hereby, we are providing you with important information.
What happened and what are the consequences?
Vulnerabilities have been discovered in the Samsung Exynos modem, which, according to security experts, can be exploited by simply knowing the cell phone number. Criminals are said to be able to install malware on a device and even gain full control over the devices.
Google has already released an update for some devices. Updates are still pending for other Google devices as well as Samsung and Vivo devices. According to the experts, changes in the settings can prevent the vulnerabilities from being exploited on these devices as well.
Who is affected?
Google, Samsung and Vivo devices with certain Samsung Exynos modems are said to be affected. The affected chips are installed in the following devices, among others:
- Google Pixel 6 and Pixel 7
- Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04
- Vivo S16, S15, S6, X70, X60 and X30
- Devices with Exynos W920
- Devices with Exynos Auto T5123
What should you do?
We strongly recommend,
- to request employees with Google smartphones, for which an update is already available, to install the update offered by Google. The March security patch fixes the vulnerability. You can initiate the update via your UEM system to ensure timely closure of the vulnerability.
- to request employees with Google devices that do not yet have an update, as well as with Samsung and Vivo devices, to deactivate WiFi calls and VoLTE in the device settings. This will prevent the vulnerability from being exploited.
Please feel free to contact us if we can support you – for example with the automatic provision of updates.
And if you have any further questions, please do not hesitate to contact us (moc.f1686120400be@tr1686120400oppus1686120400).