Qualcomm Inc. has confirmed in a security bulletin that hackers had exploited a zero-day vulnerability in dozens of its chipsets, which are found in well-known Android devices. A zero-day vulnerability is a security flaw that the hardware manufacturer was unaware of when it was abused.
There are indications from Google Threat Analysis Group that the “CVE-2024-43047” vulnerability was under limited, targeted exploitation, the company said in the bulletin. Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in Digital Signal Processor services.
Google's assessment was confirmed by Amnesty International Security Lab. The Qualcomm vulnerability was also added to the list of vulnerabilities of American cybersecurity agency CISA.
Qualcomm said that patches for the issue had been made available to original equipment manufacturers together with a recommendation to deploy the update on affected devices as soon as possible.
Among the Qualcomm chips impacted by the vulnerability were: Snapdragon 8 Gen 1 SoC, which can be found in flagship phones like the Samsung Galaxy S22 Ultra, OnePlus 10 Pro, Xiaomi 12, Oppo Find X5 Pro and Sony Xperia 1 IV; FastConnect modules and Snapdragon modems, which are utilised for bluetooth and Wi-Fi connectivity, are also included in the list of affected chipsets.
There were currently few details available regarding the identity of those exploiting the zero-day vulnerability "in-the-wild"; it is likely that they were using it to target people in hacking campaigns. Furthermore, neither the identity of the targets nor the reason was known.
Essential Business Intelligence, Continuous LIVE TV, Sharp Market Insights, Practical Personal Finance Advice and Latest Stories — On NDTV Profit.
