{"uuid": "f53284b1-cf64-4663-a890-0229fb78651c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26083", "type": "exploited", "source": "https://t.me/androidMalware/2016", "content": "In December 2022, Google discovered in-the-wild exploit chain targeting Samsung Android devices used by commercial mobile spyware vendor Variston.\nIt appears that n-day exploits that were fixed in Google products in 2022 (Chrome), were not fixed yet in Samsung (Samsung browser) and because of that exploited by espionage software in early exploitation stages.\nFinal stage, describes how attacker achieved execution as system_server (CVE-2023-0266, CVE-2023-26083)\nhttps://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html", "creation_timestamp": "2023-10-07T22:43:19.000000Z"}