Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates.
Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE.
The exploit chain took advantage of multiple zero-days, some of which Samsung, Google and chipmaker ARM have already fixed. Samsung this month is patching one of the remaining kernel information leak bugs used in the exploit chain. In an advisory, the company CVE-2023-21492. In an advisory, it said it is aware that “an exploit for this issue had existed in the wild.”