"Google Warns of Samsung Zero-Day Exploited in the Wild"

Security researchers at Google's Threat Analysis Group recently discovered a zero-day vulnerability in Samsung's mobile processors that has been leveraged as part of an exploit chain for arbitrary code execution.  Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung's October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.  According to a NIST advisory, the issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920.  

SecurityWeek reports: "Google Warns of Samsung Zero-Day Exploited in the Wild"