CVE-2023-24033

CVE-2023-24033 is a significant software vulnerability discovered in Google Pixel devices. The flaw, along with three other yet-to-be-named vulnerabilities, was identified as part of a set of eighteen vulnerabilities found by researchers. These four most severe flaws, including CVE-2023-24033, allow for internet-to-baseband remote code execution (RCE), enabling threat actors to remotely compromise smartphone devices using only the victim's phone number. This discovery was documented in a blog post by Tim Willis, head of Project Zero. Google acted promptly to address CVE-2023-24033, releasing a fix as part of their March 2023 security update. However, as of the time of reporting, Google had not provided information on when patches for the remaining vulnerabilities would be available. This lack of immediate response left users potentially exposed to the other severe vulnerabilities that were identified alongside CVE-2023-24033. Tests conducted by Project Zero confirmed the severity and exploitability of these vulnerabilities, including CVE-2023-24033. These tests demonstrated the potential for an attacker to remotely compromise a phone at the baseband level, highlighting the critical nature of these flaws. As such, it is crucial for users and organizations to apply the available patches and stay updated on further developments regarding the remaining vulnerabilities.