Qualcomm Confirms Zero-Day Vulnerability Affecting Millions of Android Devices
San Diego, CA – Qualcomm has confirmed a zero-day vulnerability affecting dozens of chipsets used inmillions of Android smartphones worldwide. The vulnerability, officially designated as CVE-2024-43047, was exploited by hackers without Qualcomm’sprior knowledge.
The company revealed that it sent patches to original equipment manufacturers (OEMs) last month and described the attack as a limited, targeted exploit.Qualcomm cited indications from Google’s Threat Analysis Group, which investigates government hacking threats, suggesting the vulnerability is likely being exploited in a limited, targeted manner.
Amnesty International’s Security Lab, dedicated to protecting civilsociety from digital surveillance and spyware, corroborated Google’s assessment. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also listed the Qualcomm vulnerability in its Known Exploited Vulnerabilities Catalog.
The vulnerability affects 64 chipsets manufactured by Qualcomm, including the Snapdragon 8 series SoCs found in popular devices like the Samsung Galaxy S22 Ultra, OnePlus 10 Pro, Sony Xperia 1 IV, OPPO Find X5 Pro, Honor Magic4 Pro, and Xiaomi 12. The list also includes Snapdragon modems and FastConnect modules used for Bluetooth and Wi-Fi connectivity.
A Qualcomm spokesperson stated that the company has sent patches, but it is up to smartphone manufacturers to release them to their customers.
An Amnesty International spokesperson said, A full investigation into who is responsible and who may have exploited this vulnerability will be published soon.
Investigations by Google and Amnesty International suggest that the hacking activity may have targeted specific individuals rather than a large group of users.
The vulnerability highlights the ongoing threat of zero-day exploits, which can be particularly dangerousdue to the lack of available patches. It underscores the importance of prompt security updates from both chip manufacturers and device makers to protect users from potential attacks.
References:
Views: 0