Do you have a Samsung Android device running Versions 11,12 or 13. Read this please. (1 Viewer)

[Gromett]

Active exploit. Hackers are making use of this bug NOW.

Samsung Devices Under Active Exploitation! CISA Warns of Critical Flaw

Heads up, Samsung devices under attack! CISA warns of an active exploitation targeting a medium-severity flaw.

thehackernews.com

 

[pagey]

OK so what can we do

 

[kevenh]

OK so what can we do

A vague: “Required Action: Apply updates per vendor instructions”

 

[kevenh]

This vulnerability is mentioned in Samsung security fixes: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

Not sure if it’s in a planned patch or one out now

Both info locations are from links in the 1st tease article

 

[LesW]

Interesting, but largely useless article..

^{_{Subscribers  do not see these advertisements}}

 

[kevenh]

Interesting, but largely useless article..

Harsh but fairly accurate. All my info in the follow up posts were directly from hyperlinks described in the article.

 

[Gromett]

Interesting, but largely useless article..

Useless how? It is notifying you of an issue you should be aware of.
It is not at fault that there is currently little if any information as to the mitigation.

It provides links to sources of such information where it will appear when available.

I was simply letting people know to be aware of this.

 

[Gromett]

PS: This is information you should be aware of even if you cannot currently take any mitigating action as it may allow you to ajdust your behaviour to mitigate the risks.
For instance deleting banking apps etc until there is a fix.

So even if an article doesn't spoon feed you the solution, it doesn't mean it is largely useless especially in the security industry.

 

[the1andonly]

What i found more interesting from the article was

Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest of which is a 13-year-old bug impacting Linux (CVE-2010-3904) that allows an unprivileged local attacker can escalate their privileges to root.

 

[Gromett]

What i found more interesting from the article was

Last week, CISA also added seven vulnerabilities to the KEV catalog, the oldest of which is a 13-year-old bug impacting Linux (CVE-2010-3904) that allows an unprivileged local attacker can escalate their privileges to root.

Not sure why those would be of interest as they have all been patched. Only people running old, badly supported hardware should be affected by any of those?

That CVE you mention only affect linux kernels up to 2.6.36

To give you some idea of an active Kernel version. I am on V5.4.0 and that CVE only affects up to version V2.6.36

^{_{Subscribers  do not see these advertisements}}

 

[the1andonly]

Not sure why those would be of interest as they have all been patched. Only people running old, badly supported hardware should be affected by any of those?

That CVE you mention only affect linux kernels up to 2.6.36

To give you some idea of an active Kernel version. I am on V5.4.0 and that CVE only affects up to version V2.6.36

Yes interesting that just aded when so old.
Ps i find these snippets useful/interesting, not all remarks are snipping, no need to get so defensive.

 

[Gromett]

Yes interesting that just aded when so old.
Ps i find these snippets useful/interesting, not all remarks are snipping, no need to get so defensive.

You misread the tone of my response. The first line was a question. The last line was explaining why I asked the question.
I was not being defensive, I was asking a question.

 

[the1andonly]

trouble with plasticene i cant read the body language