[Replicant] Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Fri Mar 24 22:29:24 UTC 2023


On Wed, 22 Mar 2023 19:19:40 -0000
John via Replicant <replicant at osuosl.org> wrote:

> Does this affect Replicant devices too?
> 
> https://www.darkreading.com/attacks-breaches/samsung-chipset-vulnerabilities-android-users-rce-attacks
I'm not sure if Replicant devices are affected too, though:
- It's relatively easy to find vulnerabilities in Samsung modems more
  recent than the ones supported by Replicant, so it would be
  surprising if it wasn't easy to also find similar vulnerabilities in
  the modems of Replicant compatible smartphones.

- Replicant 6.0 probably has many unpatched vulnerabilities because
  it's based on a LineageOS version that isn't maintained anymore. Some
  are probably serious and easily exploitable (like the ones in
  Webview, the browser component used in many Android applications).

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20230324/029f5244/attachment.asc>


More information about the Replicant mailing list