Samsung Zero-Day Vuln Under Active Exploit, Google Warns

If its exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

A zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in
Samsungs
mobile processors and is being used in an exploit chain for arbitrary code execution.
The vulnerability was given a critical CVSS score of 8.1 out of 10 and was patched in Samsungs October set of security fixes.
A
National Institute of Standards and Technology (NIST) advisory
on the bug describes it as an issue [that] was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free bug in the mobile processor ultimately leads to privilege escalation, the agency added.
Google researcher Xingyu Jin was credited with reporting the flaw earlier this year, and Google TAG researcher Clement Lecigne warned that
an exploit exists
in the wild.
This zero-day exploit is part of an EoP chain, Jin and Lecigne noted. The actor is able to execute arbitrary code in a privileged camera server process. The exploit also renamed the process name itself to [email protected], probably for anti-forensic purposes.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Samsung Zero-Day Vuln Under Active Exploit, Google Warns