Google Reveals Spyware Vendor's Use of Samsung Phone Zero-Day Exploits
09-Nov-22
The vulnerabilities�identified as CVE-2021-25337, CVE-2021-25369, and CVE-2021-25370�have been chained together and used against Android phones, but they also affect specially made Samsung components. According to the description of the security flaws, a customised clipboard content provider can read and write arbitrary files.
A�use-after-free bug in the driver for the display processing unit and a kernel information leak. Three Samsung phone vulnerabilities that were used by a spyware vendor while they were still considered zero-day vulnerabilities have been made public thanks to Google Project Zero.
