The original post: /r/cybersecurity by /u/cyberkite1 on 2024-10-10 21:17:05.
📲 CYBERSECURITY ALERT❗Qualcomm has confirmed a significant security vulnerability affecting millions of Android devices!
Affected devices are: flagship Snapdragon 8 (Gen 1) mobile platform, used is many Android phones, including some made by Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE - this potentially means millions of devices. Any others?
Qualcomm has released patches for a critical zero-day vulnerability (CVE-2024-43047) in its Digital Signal Processor (DSP) service, impacting several of its chipsets.
This flaw, identified by Google Project Zero, Amnesty International, and other researchers, could lead to memory corruption and was actively exploited by attackers. Qualcomm has urged OEMs to roll out these patches swiftly to affected devices.
The vulnerability was caused by a use-after-free weakness in the DSP kernel, which could be exploited by local attackers with low privileges. It was labeled as "limited and targeted" by security researchers, suggesting it may have been used in attacks against high-risk individuals, including journalists and dissidents.
In addition to CVE-2024-43047, Qualcomm also addressed another severe flaw (CVE-2024-33066) related to improper input validation in the WLAN Resource Manager. Both patches are now available to OEMs, with Qualcomm strongly recommending their immediate deployment.
Recommended remedies:
- Qualcomm's continued work in addressing critical vulnerabilities highlights the importance of regular security updates to protect devices from potential exploitation.
- Users should reach out to their device manufacturers to ensure their devices are fully patched.
- Anything else?
Read more on this: https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/