Tech

Patch your Pixel and Samsung phones instantly. This is why


samsung-galaxy-s22-purple-in-pocket

Jun Wan/ZDNet

Two very serious vulnerabilities were discovered recently by Project Zero by Google directly affects Android phones manufactured by Google and Samsung. Both vulnerabilities are tagged as “severe”, which means they need to be patched immediately, or you could be at risk.

It sounds like hyperbole, but this time it got ticked.

Exynos chipset flaw

The first (and certainly the worst) vulnerability affects Exynos modems. There are four vulnerabilities that can cause serious problems with Exynos hardware, even without user interaction, hackers only need to know your phone number to exploit and penetrate your phone remotely .

Also: Best Android phone

The known devices affected by these vulnerabilities are:

  • Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
  • Vivo S16, S15, S6, X70, X60 and X30 series.
  • Google Pixel 6, 6 Pro, Pixel 6a, Pixel 7 and 7 Pro.
  • All wearables use the Exynos W920 chipset (such as the Galaxy Watch 4 and 5).
  • All vehicles use Exynos Auto T5123 chipset.

Overall, a total of 18 zero-day vulnerabilities were discovered in Samsung’s Exynos chipset, with seven of them allowing remote code execution.

Also: Best Pixel phones

Google released Pixel Update March to patch these vulnerabilities. The patch was made available to my Pixel 7 Pro over the weekend, but my wife’s Pixel 6 Pro has yet to receive the update. It’s important that anyone with an affected device check for and apply updates as soon as they’re made available to your device.

How to check for updates on Pixel phones

The first thing to do is open the Settings app on your phone, which you can do from the gear icon in the Notification shade or from the App Drawer.

Scroll to the bottom of Settings and tap System. From the System page, tap System Updates and then tap Check for Updates. If an update is available for your phone, apply it immediately.

Wi-Fi calling on Pixel 7 Pro running Android 13.

If Wi-Fi calling is enabled and you still haven’t received the update, turn off Wi-Fi calling.

Photo: Jack Wallen

Check for updates on Samsung phones

If you’re using an affected Samsung device, make sure to go to Settings > Software (or System) Update. If you see the March 1, 2023 Security Patch listed, you should look at five of the eighteen vulnerabilities (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023 -26075, CVE -2023-26076). The remaining vulnerabilities have not yet passed the 90-day deadline and have not been assigned a CVE-ID. Along with the March 1, 2023 update, Samsung updated its advice to remove the Exynos W920 SoC from the affected chip list.

An updated patch is shown for Samsung Galaxy phones.

Samsung phones must have the March 2023 security patch to be safe from the Exynos vulnerability.

Image: Alyson Windsor/ZDNET

What to do if your phone still hasn’t received the update?

If your phone hasn’t received the update yet, you’ll want to disable VoLTE and Wi-FI calling. To do this, go to Settings > Network & Internet > SIM > Wi-Fi Calling. Make sure to press the ON/OFF slider to Use Wi-Fi Calling until it is in the off position.

Markup tool for screenshots on Pixel

The next critical vulnerability is found in the Markup utility of Pixel Phones and allows hackers to unedit and crop edited screenshots taken on the device. If you take a lot of screenshots (especially those showing sensitive information), this vulnerability needs to be taken seriously. For example, you can share a screenshot that includes bank account information. You can rearrange sensitive information before sharing. With this vulnerability, hackers can reveal that sensitive information and use that information against you.

Also: How to Set Up a Locked Folder in Google Photos on Android (and Why You Should)

Screenshots shared via image compression and decompression services (such as Twitter) are not vulnerable. But this is not something you want to risk.

Luckily, Google patched this vulnerability in its March Security Update, so as long as you’ve applied the patch, you’re good to go.

However — and this is a big “however” — even with the patch, any screenshots you took before the update would still be vulnerable. To do that, I recommend deleting any screenshots (from both the phone and the cloud) that contain sensitive information (whether you edit it or not).

If your Pixel or Samsung phone has not received a patch for either/both of these vulnerabilities, you should check daily until an update is available and apply it as soon as it is available.

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button