Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant.
cve-2024-43047="" qualcomm-multiple-chipsets-use-after-free-vulnerability="" "="" title="Qualcomm Multiple Chipsets Use-After-Free Vulnerability">CVE-2024-43047" title="Qualcomm">
About CVE-2024-43047
On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets.
Among those is CVE-2024-43047, a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could lead to “memory corruption while maintaining memory maps of [high level operating system (HLOS)] memory.”
The vulnerability’s CVSS string shows that the vulnerability can be triggered by a local attacker with low privileges, with no user interaction required.
Seth Jenkins of Google Project Zero and Conghui Wang of Amnesty International Security Lab have been credited with reporting the vulnerability.
Jenkins confirmed that he found the issue in collaboration with Amnesty and Threat Analysis Group (TAG). Since both organizations are known for investigating mobile spyware targeting journalists, activists and dissidents, it seems likely that the vulnerability is being exploited by one or more commercial spyware makers.
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation,” Qualcomm noted, and urged original equipment manufacturers to “deploy (…) patches on released devices as soon as possible.”
Jenkins also expressed hope that CVE-2024-43047 will be patched on Android devices very soon. (The vulnerability hasn’t been mentioned in the Android Security Bulletin for October 2024.)
A year ago, Qualcomm has similarly warned about attackers exploiting three zero-day vulnerabilities in its Adreno GPU and Compute DSP drivers.
source: HelpNetSecurity
Free security scan for your website
Top News:
Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
November 12, 2024Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024