https://bit.ly/3FvbLci - Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Samsung Semiconductor's Exynos Modems. Four of the most severe vulnerabilities enable Internet-to-baseband remote code execution, allowing an attacker to remotely compromise a phone with just the victim's phone number. The other fourteen vulnerabilities require either a malicious mobile network operator or local access to the device. Affected devices include Samsung, Vivo, and Google Pixel series, as well as vehicles using Exynos Auto T5123 chipset. Users can protect themselves by turning off Wi-Fi calling and VoLTE in their device settings until security updates become available. Project Zero has decided to withhold disclosure of the four most severe vulnerabilities due to their potential impact on users.