Samsung, a maker of Android mobile devices, has released a patch for a vulnerability used by cybercriminals for commercial surveillance to install malware in the United Arab Emirates. In March, security experts from Google and Amnesty International uncovered an exploit chain that was allegedly created by Barcelona spyware company Variston to spread surveillance software to devices in the UAE.
The exploit chain made use of a number of zero-day vulnerabilities, some of which chipmaker ARM, chipmaker Samsung, and search engine Google had already patched. This month, Samsung is addressing one of the last kernel security holes that were leveraged in the attack chain. The business CVE-2023-21492 in a warning. It stated in an advisory that “an exploit for this issue had existed in the wild.”