December 3, 2023

The U.S. CISA has warned of active exploitation of a medium severity flaw affecting Samsung devices.

The security bug tracked as CVE-2023-21492 with a CVSS score of 4.4, impacts select Samsung devices running Android versions 11, 12, and 13.

The issue is described as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization protections.

Advertisements

ASLR is a security technique that’s designed to thwart memory corruption and code execution flaws by obscuring the location of an executable in a device’s memory.

Samsung advisory, notified that this exploit for this issue had existed in the wild, added it was privately disclosed to the company on January 17, 2023. Other details about how the flaws are being exploited are currently not known.

The other two bugs added to the catalog is

  • CVE-2004-1464 Cisco IOS Denial-of-Service Vulnerability
  • CVE-2016-6415 Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability

The bug was added to CISA Known Exploited Vulnerabilities Catalog, and the due date is set as June 09, 2023

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023

CISA KEV Update Part I – December 2023

December 1, 2023 2

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023
%d bloggers like this: