Source URL: https://www.theregister.com/2024/10/08/qualcomm_patch_spyware/
Source: The Register
Title: Qualcomm urges device makers to push patches after ‘targeted’ exploitation
Feedly Summary: Given Amnesty’s involvement, it’s a safe bet spyware is in play
Qualcomm has issued 20 patches for its chipsets’ firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.…
AI Summary and Description: Yes
Summary: Qualcomm has released 20 firmware patches for various flaws in its chipsets, notably a severe Digital Signal Processor vulnerability (CVE-2024-43047) that has been exploited in the wild. The advisory urges device makers to implement these patches promptly, highlighting the importance of securing critical vulnerabilities in mobile and IoT devices.
Detailed Description: Qualcomm’s initiative addresses significant security vulnerabilities in its chipsets, with the most critical being CVE-2024-43047, rated 7.8 on the CVSS scale. This particular flaw has already been subject to exploitation, pointing to potential threats from advanced attackers including state-sponsored entities.
Key Points:
– **Vulnerability Highlights**:
– CVE-2024-43047 (7.8 CVSS) is a critical flaw in the Digital Signal Processor software. It suggests targeted exploitation, possibly by nation-state actors or commercial surveillance tools.
– Qualcomm emphasizes the urgent need for OEMs to prioritize and distribute firmware updates to mitigate risks.
– **Severity Ratings**:
– 20 patches include:
– CVE-2024-33066 (9.8 CVSS): Critical improper input validation in WLAN resource management; reportedly not yet exploited.
– CVE-2024-23369 (Severity Unknown, but High): Memory corruption in the camera driver.
– CVE-2024-33065 (8.4 CVSS): Similar memory flaw affecting the device’s operating system.
– The other flaws comprise nine high-severity and five medium-severity vulnerabilities.
– **Device Impact**:
– Affected devices include Snapdragon 660 and newer models, Qualcomm 5G modems, and various FastConnect Wi-Fi/Bluetooth kits.
– **Security Recommendations**:
– Users and device manufacturers are advised to be vigilant about firmware updates to protect against these vulnerabilities, which could lead to significant security breaches.
This situation underscores the critical nature of patch management and the need for proactive defenses in device security architecture, especially as vulnerabilities increasingly become targets for sophisticated cyber threats. Security professionals in AI, cloud, and infrastructure should stay informed about such vulnerabilities considering their potential to impact integrated devices and systems.