Subj : Qualcomm releases raft of security patches, urges users to fix no
To   : All
From : TechnologyDaily
Date : Wed Oct 09 2024 14:30:05

Qualcomm releases raft of security patches, urges users to fix now

Date:
Wed, 09 Oct 2024 13:16:00 +0000

Description:
The company released fixes for 20 flaws, including some allegedly exploited 
in the wild.

FULL STORY
======================================================================

Qualcomm has released almost two dozen patches for different products, 
fixing, among other things, a vulnerability most likely being exploited by 
state-sponsored attackers. 

The company's security advisory detailed 20 patches for vulnerabilities 
affecting different chipsets, including CVE-2024-43047, a high-severity (7.8 
score) bug described as memory corruption while maintaining memory maps of 
HLOS memory. 

The bug was said to be affecting Snapdragon 660 and above, 5G modems, and 
FastConnect 6700, 6800, 6900, and 7800 Wi-Fi/Bluetooth kits. Multiple devices 
affected 

Qualcomm stressed this bug had already been mentioned by Googles Threat 
Analysis Group (TAG), the companys security arm that usually analyzes 
zero-day vulnerabilities exploited by nation-states and other state-sponsored 
actors. 

"There are indications from Google Threat Analysis Group that CVE-2024-43047 
may be under limited, targeted exploitation," the advisory reads. "Patches 
for the issue affecting the FASTRPC driver have been made available to OEMs 
together with a strong recommendation to deploy the update on affected 
devices as soon as possible." 

Another notable mention from the batch is the patch for CVE-2024-33066, a 
vulnerability described as memory corruption while redirecting log file to 
any file location with any file name. It carries a severity score of 9.8 and 
is deemed critical. However, there is no evidence of abuse in the wild just 
yet. 

Being a major chip manufacturer, Qualcomm is often the target of 
cybercriminals. Roughly a year ago, Qualcomm found multiple flaws in the 
Ardeno GPU and Compute DSP drivers (again, after being tipped off by Googles 
TAG), which were used in limited, targeted exploitation. In that case, as 
well, it was said that the vulnerabilities were most likely abused by 
state-sponsored actors in espionage and data exfiltration attacks. 

In both cases, Qualcomm urged its customers to apply the available patches as 
soon as possible. 

 Via The Register More from TechRadar Pro Hackers exploit several security 
flaws in top Qualcomm GPUs Here's a list of the best firewalls today These 
are the best endpoint protection tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/qualcomm-releases-raft-of-security-patc
hes-urges-users-to-fix-now


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.