See also the Google Project Zero site !!! https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html As far as for today 17 March 2023 there have been three updates on the article. Read the article and scroll down to the bottom for the updates sofar (whether there will come more updates, I don't know).
'Following Delay, Google’s Pixel 6 Lineup Gets March Update' Following Delay, Google’s Pixel 6 Lineup Gets March Update
I work in a company where a lot of phones issued for workers or otherwise enrolled to EMM are vulnerable to those... VoLTE disable button is grayed out on a lot of them....
Wait a minute, so simply by making a phone call they could hack into a smartphone? But they don't explain what capabilities these hackers would then have, buy yes scary indeed. Apparently you are only vulnerable when WiFi calling and VoLTE are enabled.
https://www.reviews.org/mobile/what-is-volte/ https://www.computerworld.com/article/3230510/what-is-enterprise-mobility-management-emm.html
Any and all calls in 4G (and 5G NSA) are based on VoIP-like solutions: VoLTE, VoWifi. It doesn't matter if it is smartphone or feature/dumb phone with 4G capabilities. Disabling VoLTE in practical terms and most scenarios (except rarely used VoWifi) means that there is a need to fallback to older gen radio technology: 2G or 3G. EMM is not part of vulnerability. I just wanted to highlight that some of those smartphones have access to company resources, so it is a serious problem not only for private users.
