- Project Zero reported 18 vulnerabilities in Samsung's Exynos Modems; four of them allow remote code execution by an attacker who knows only the victim's phone number.
- The four severe vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497, CVE-2023-26498) enable attackers to compromise devices remotely without user interaction.
- The other 14 vulnerabilities require local access to the device or a malicious mobile network operator.
- Affected devices include Samsung phones (S22, M33, A71, etc.), Vivo phones (S16, S15, etc.), the Pixel 6/7 series, and vehicles that use the Exynos Auto T5123 chipset.
- Patch timelines vary per manufacturer, but users can disable Wi-Fi calling and VoLTE as a temporary measure.
- Project Zero withheld four vulnerabilities from disclosure because disclosing them could harm defenders.
- Users are encouraged to update their devices promptly to mitigate both disclosed and undisclosed vulnerabilities.
googleprojectzero.blogspot.com
