
Patch your Pixel and Samsung phones immediately. Here’s why



June Wan/ZDNet

Two very serious vulnerabilities were discovered recently by Google’s Project Zero that directly affect Android phones made by Google and Samsung. The vulnerabilities are both tagged as “severe,” which means they require immediate patching; otherwise, you could be at risk.

It might sound like hyperbole, but this time around it’s on the mark. 

Exynos chipset vulnerability

The first vulnerability (and decidedly the worst) affects Exynos modems. There are four vulnerabilities that can cause serious problems with the Exynos hardware such that, even without user interaction, a hacker would only need to know your phone number to create an exploit and compromise your phone remotely. 


The known devices that are affected by these vulnerabilities are:

  • Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series.
  • Vivo S16, S15, S6, X70, X60, and X30 series.
  • Google Pixel 6, 6 Pro, Pixel 6a, Pixel 7, and 7 Pro.
  • All wearables that employ the Exynos W920 chipset (such as the Galaxy Watch 4 and 5).
  • All vehicles that employ the Exynos Auto T5123 chipset.

All in all, a total of 18 zero-day vulnerabilities were discovered in Samsung’s Exynos chipsets, with seven of them allowing for remote code execution.


Google has released the March Pixel update to patch these vulnerabilities. The patch was made available to my Pixel 7 Pro over the weekend, but my wife’s Pixel 6 Pro has yet to receive the update. It’s crucial that anyone with an affected device checks for the update and applies it as soon as it is made available to their device.

How to check for an update on a Pixel phone

The first thing to do is open the Settings app on your phone, which you can do from either the gear icon in the Notification Shade or from the App Drawer.

Scroll to the bottom of Settings and tap System. From the System page, tap System Update and then tap Check For Update. If there’s an update for your phone, apply it immediately.

The Wi-Fi calling feature on a Pixel 7 Pro running Android 13.

If Wi-Fi calling is enabled and you have yet to receive the update, turn off Wi-Fi calling.

Image: Jack Wallen

Checking for updates on Samsung phones

If you use an affected Samsung device, make sure to go to Settings > Software (or System) Updates. If you see the March 1, 2023 Security Patch listed, you’re good to go for five of the eighteen vulnerabilities (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076). The remaining vulnerabilities have yet to pass the 90-day deadline and have not been assigned CVE IDs. Along with the March 1, 2023 update, Samsung updated its advisories to remove the Exynos W920 SoC as an affected chip.

An updated patch shown for a Samsung Galaxy phone.

Samsung phones must have the March 2023 security patch to be safe from the Exynos vulnerability.

Image: Alyson Windsor/ZDNET
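To check several phones from a workstation instead of through Settings, this added example (not from the original article) reads each device's reported patch level over adb and compares it with the March 1, 2023 date cited above. It assumes adb is installed with USB debugging enabled and that the level is reported as YYYY-MM-DD in the ro.build.version.security_patch property; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article.
# Baseline taken from the article: the March 1, 2023 security patch.
# Per the article, that level covers five of the eighteen Exynos issues,
# so PATCHED here means "at or past the baseline", nothing more.
BASELINE="2023-03-01"

# patch_status LEVEL -> prints PATCHED, OUTDATED or UNKNOWN.
# LEVEL is expected as YYYY-MM-DD (assumed property format).
patch_status() {
    level=$(printf '%s' "$1" | tr -d '\r ')   # adb output may end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;          # empty or malformed value
    esac
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$BASELINE" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo OUTDATED; fi
}

# report_devices: one tab-separated line per device attached over adb.
report_devices() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 1; }
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from consuming the serial list on stdin
        model=$(adb -s "$serial" shell getprop ro.product.model </dev/null | tr -d '\r')
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\t%s\n' "$serial" "$model" "$level" "$(patch_status "$level")"
    done
}

# Constructed sample values, so the check can be tried without a device.
for sample in 2023-02-05 2023-03-01 2023-03-05 unknown; do
    printf '%s -> %s\n' "$sample" "$(patch_status "$sample")"
done
# With devices attached, call: report_devices
```

Any device reported as OUTDATED or UNKNOWN should be updated through Settings or have the calling features described below turned off until the update arrives.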

What to do if your phone has yet to receive the update?

If your phone has yet to receive the update, you’ll want to turn off VoLTE and Wi-Fi calling. To do this, go to Settings > Network & Internet > SIMs > Wi-Fi Calling. Make sure to tap the ON/OFF slider for Use Wi-Fi Calling until it’s in the off position.

Markup tool for screenshots on Pixel

The next severe vulnerability was found in the Pixel phone’s Markup utility and allows hackers to unredact and uncrop edited screenshots taken on the device. If you take a lot of screenshots (especially those that display sensitive information), this vulnerability should be taken seriously. For example, you might share a screenshot that includes bank account information. You might redact the sensitive information before sharing it. With this vulnerability, a hacker could reveal that sensitive information and use it against you.


Screenshots shared via services that compress and decompress images (such as Twitter) aren’t vulnerable. But this is not something you want to take a chance with.

Fortunately, Google patched this flaw in the March Security Update, so, as long as you’ve applied the patch, you’re good to go.

However — and this is a big “however” — even with the patch, any screenshot you’ve taken prior to the update will still be vulnerable. To that end, I would suggest you delete any screenshot (from both phone and cloud) that contains sensitive information (whether you’ve redacted it or not).

If your Pixel or Samsung phone has yet to receive patches for either/both of these vulnerabilities, I highly recommend you check daily until the update arrives and apply it as soon as it does.

