The security flaws have no effect on the phones powered by the chip.
There were two issues, one of which caused memory corruption and the other exposing physical addresses to userspace.
The Project Zero team noticed that these issues had not been patched into their devices.
According to a report published by Project Zero, a team of security experts responsible for discovering zero-day vulnerabilities, a number of devices in theAndroid platform have vulnerabilities that were spotted in June and July.
A hacker with native code can get full control of a phone by avoiding the permission model in the OS. The security flaws were patched in July and August.
The attacker might be able to access read only memory pages. One of the security bugs is said to cause memory corruption and another to expose physical memory addresses. According to reports, the remaining three flaws could result in a physical page use-after-free condition.
The Project Zero team noticed that the makers of the devices had not patched the issues into their devices yet. This means that potential attackers are still able to use the devices.
The vulnerabilities discussed are fixed by the upstream vendor, but at the time of publication, the fixes have not yet made it downstream to affected devices. Ian Beer of Project Zero said that the devices were vulnerable
There are millions of devices that are vulnerable to this security flaw, and they are all powered by the Exynos chip. The security flaws do not affect the devices. The chips used in the phones are also affected.
“Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible”, according to the company.
