Qualcomm has confirmed a high-severity vulnerability in several of its chips, including some of its most popular mid-range and high-end processors. The worst part is that security researchers have discovered signs that the vulnerability is exploited by malicious agents, but without discrimination.
The CVE-2024-43047 vulnerability is exploited “in a limited and targeted manner” and is a UAF or Use After Free vulnerability, through which an attacker can execute arbitrary code
Dozens of Qualcomm chips are affected
Qualcomm’s security bulletin describes a dozen security flaws found, although among them CVE-2024-43047 stands out for its targeted exploitation.
This means that ordinary users shouldn’t worry too much about itbecause it is an attack vector used for targeted hacks, such as those carried out with tools like Pegasus. Yes, this is a problem for public figures who may be victims of government espionage.
The issue was discovered in July in Qualcomm DSP Services and is described as memory corruption while servicing HLOS memory cards. It is marked with high severity (7.8 points) and affects several dozen Qualcomm chips, from FastConnect WiFi chips to other components and the following processors
- Snapdragon 660
- Snapdragon 680
- Snapdragon 685
- Snapdragon 8 generation 1
- Snapdragon 865 5G
- Snapdragon 865+ 5G
- Snapdragon 870 5G
- Snapdragon 888 5G
- Snapdragon 888+ 5G
Qualcomm has already prepared the patch for this vulnerability, but it is up to each manufacturer to send it as an update to affected devices. Qualcomm issued a “strong recommendation” to its partners to send the patch to devices as soon as possible, but many they will receive the patch late or not at all
For example, the Snapdragon 660 is a 2017 processor and the mobile phones that were launched with it have stopped receiving updates for a long time, which will expose them to this security issue. However, as we mentioned previously, this is not a massively and indiscriminately exploited vulnerability, meaning most users shouldn’t be too concerned about it.
By | Android Font
In Xataka Android | Android Security Patches: What They Are and Why It’s Important to Install Them
