Man
Professional
- Messages
- 3,067
- Reaction score
- 597
- Points
- 113
No one knows how many devices may have been compromised as a result of the actions of criminals.
Qualcomm has released security updates to address nearly two dozen vulnerabilities covering both proprietary and open source components. Among them, one vulnerability stands out that is actively used in real attacks.
This critical vulnerability, registered as CVE-2024-43047 with a CVSS score of 7.8, is related to a Use-After-Free error in the Digital Signal Processor (DSP) service. It may cause memory corruption when saving HOLOS memory cards.
The problem was reported by Google Project Zero researchers Seth Jenkins and Congui Wang, and Amnesty International's Security Lab confirmed that it was actively exploited.
Qualcomm noted in its notice that according to the Google Threat Analysis Group, this vulnerability can be used for targeted attacks. The chipmaker also strongly recommended that OEMs release updates for devices affected by this issue, especially for the FASTRPC driver.
It is not yet known how widespread these attacks were, but there is a possibility that the vulnerability could have been used for espionage attacks against members of civil society.
In addition, the October update resolves a critical vulnerability in WLAN Resource Manager (CVE-2024-33066) that has a CVSS score of 9.8. The problem is caused by improper input validation and can also lead to memory corruption.
Qualcomm's updates were released in parallel with Google's monthly Android security bulletin, which fixes 28 vulnerabilities, including issues in components of Imagination Technologies, MediaTek, and Qualcomm.
Source
Qualcomm has released security updates to address nearly two dozen vulnerabilities covering both proprietary and open source components. Among them, one vulnerability stands out that is actively used in real attacks.
This critical vulnerability, registered as CVE-2024-43047 with a CVSS score of 7.8, is related to a Use-After-Free error in the Digital Signal Processor (DSP) service. It may cause memory corruption when saving HOLOS memory cards.
The problem was reported by Google Project Zero researchers Seth Jenkins and Congui Wang, and Amnesty International's Security Lab confirmed that it was actively exploited.
Qualcomm noted in its notice that according to the Google Threat Analysis Group, this vulnerability can be used for targeted attacks. The chipmaker also strongly recommended that OEMs release updates for devices affected by this issue, especially for the FASTRPC driver.
It is not yet known how widespread these attacks were, but there is a possibility that the vulnerability could have been used for espionage attacks against members of civil society.
In addition, the October update resolves a critical vulnerability in WLAN Resource Manager (CVE-2024-33066) that has a CVSS score of 9.8. The problem is caused by improper input validation and can also lead to memory corruption.
Qualcomm's updates were released in parallel with Google's monthly Android security bulletin, which fixes 28 vulnerabilities, including issues in components of Imagination Technologies, MediaTek, and Qualcomm.
Source
