Qualcomm has released security updates to address nearly two dozen flaws covering proprietary and open-source components, including one that has been exploited in the wild.
The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), was described as a use-after-free bug in the digital signal processor (DSP) service that could lead to “memory corruption while maintaining memory maps of HLOS memory”.
Qualcomm credits Google Project Zero researchers Seth Jenkins and Conghui Wang for reporting the flaw, and Amnesty International Security Lab for confirming the in-the-wild activity.
“There are indications from the Google Threat Analysis Group that CVE-2024-43047 may be under limited targeted exploitation,” the chip maker said in an advisory.
“Patches for the issue affecting the FASTRPC driver have been made available to OEMs, along with a strong recommendation to deploy the update to affected devices as soon as possible.”
The full extent of the attacks and their impact is unknown at this time, although it is possible that the flaw was used as part of spyware attacks targeting members of civil society.
The October patch also addresses a critical flaw in the WLAN Resource Manager (CVE-2024-33066, CVSS score: 9.8), which is caused by improper input validation and can lead to memory corruption.
The development comes as Google released Android’s own monthly security bulletin with fixes for 28 vulnerabilities, which also include issues discovered in Imagination Technologies, MediaTek, and Qualcomm components.