Google warns: Samsung zero-day vulnerability under active exploit

A zero-day vulnerability called CVE-2024-44068 was discovered in Samsung’s mobile processors and is used in an exploit chain to execute arbitrary code.

The vulnerability received a critical CVSS score of 8.1 out of 10 and was patched in Samsung’s October batch of security fixes.

A Advice to the National Institute of Standards and Technology (NIST). about the error describes it as “a problem”. [that] was discovered in the M2M scaler driver in the Samsung mobile processor and the Exynos 9820, 9825, 980, 990, 850 and W920 wearable processors.

Google researcher Xingyu Jin was credited with reporting the bug earlier this year, and Google TAG researcher Clement Lecigne warned about it There is an exploit in the wild.

“This zero-day exploit is part of an EoP chain,” Jin and Lecigne noted. “The actor is able to execute arbitrary code in a privileged camera server process. The exploit also renamed the process name itself to “”.[email protected]’, probably for anti-forensic purposes.’