Qualcomm has confirmed a zero-day vulnerability in a range of mobile processors and wireless technology chips that is already being exploited by malicious attackers. There are hardly any details yet, but since many of the affected chips for Android smartphones and tablets have been on the market for several years, multiple attacks may have been attempted. However, Qualcomm admits limited and targeted attacks.
Advertisement
The previously unknown zero-day vulnerability is listed as CVE-2024-43047 and could allow unauthorized access to the device’s memory. Qualcomm gives high security rating to vulnerability US cyber security agency CISA Classifies it as important. after qualcomm information It was discovered at the end of July this year. The company notified its customers in early September and provided a patch that manufacturers of Android devices should deploy.
“Underwater”: films of German star director Berger for Vision ProIn addition to WLAN and Bluetooth chips, Qualcomm platforms affected by the security gap include the Snapdragon 660, 680, 685, 865, 870, 888 and 888+ mobile processors widely used in Android smartphones, as well as the Snapdragon 8 Gen 1. Are. Mobile platform. The Snapdragon 660 was introduced in 2017 and was especially popular with mid-range smartphones from Chinese manufacturers like Xiaomi. The Snapdragon 888+ was Qualcomm’s high-end chip of 2021, and the Snapdragon 8 Gen 1 was released the following year.
Searched by Google and Amnesty International
The zero-day gap was found by security researchers at Google’s “Threat Analysis Group”, which focuses on state-sponsored cyberattacks, and human rights organization Amnesty International’s “Security Lab”, which seeks to protect society from digital surveillance. . And spyware. Both organizations confirm that the vulnerability has been attacked. While Google follows Qualcomm’s information According to TechCrunch While not wanting to add anything, Amnesty International promised that an investigation report would be published shortly.
Qualcomm did not want to provide details about the attacks based on this vulnerability and referred Google to security researchers and Amnesty International, so further information is still pending. However, widespread attacks cannot be expected, as both organizations consider this zero-day vulnerability suitable for limited and targeted attacks. This means that only individual people are likely to be attacked, not large numbers of users.
(FDS)
Heise+ update from October 11, 2024: Reading tips for the weekend
