Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets
Four of the eighteen zero-days were identified as the most serious, enabling remote code execution from the Internet to the baseband, allow attackers to compromise vulnerable devices remotely and without any user interaction.
The only information required for the attacks to be pulled off is the victim's phone number.
Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series are affected.
However, until patches are available, users can thwart baseband RCE exploitation attempts targeting Samsung's Exynos chipsets in their device by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) to remove the attack vector.
