Google security teams have discovered 18 zero-day vulnerabilities in Samsung Exynos chips used in several top Android smartphones and wearables that may put those devices at risk.
Google's Project Zero head Tim Willis said in a blog post that four most severe of these vulnerabilities "allowed for Internet-to-baseband remote code execution".
Tests conducted by Project Zero confirmed that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.
With limited additional research and development, "we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely", said Google security researchers.
"Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung's Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings," said Willis.
Turning off these settings will remove the exploitation risk of these vulnerabilities, he added.
Apple iOS 16.0.3 update for iPhones fixes bugs, updates security: Know more
CERT-In warns WhatsApp users of bugs that remote attackers can exploit
Surveillance vendor targeted Samsung smartphones with zero-day bugs: Google
Microsoft Teams Rooms on Android gets new features with Update 3: Details
Microsoft Teams adds free communities feature, plans to take on rivals
Apple now experimenting with language-generating AI in ChatGPT era
OPPO Find N2 Flip phone goes on sale with introductory offers: Details here
Microsoft to bring OpenAI's chatbot tech to Outlook, Word, Power Point
Microsoft 365 Copilot: Microsoft is bringing AI to its productivity apps
Pixel 8 Pro to have less curved screen than its predecessor: Report
The affected mobile devices are from Samsung, Vivo, Google (Pixel 6 and Pixel 7 series); any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.
Google expects that patch timelines will vary per manufacturer, and affected Pixel devices have already received a fix.
"As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities," said Google.