Qualcomm Encourages Original Equipment Manufacturers to Fix Crucial DSP and WLAN Vulnerabilities Amid Ongoing Exploits
Qualcomm has released security patches to fix almost twenty flaws encompassing exclusive and open-source elements, including one that is actively being exploited in the wild.
The significant vulnerability, identified as CVE-2024-43047 (CVSS score: 7.8), has been labeled as a user-after-free glitch in the Digital Signal Processor (DSP) Service, which could induce “memory corruption during the memory mapping of HLOS memory.”
Qualcomm recognized Google Project Zero researcher Seth Jenkins and Conghui Wang for disclosing the flaw, with Amnesty International Security Lab confirming the exploitation in real-world scenarios.
“Google Threat Analysis Group provided indications that CVE-2024-43047 might be subject to targeted exploitation,” the chipmaker stated in a bulletin.
“Remedies for the problem affecting the FASTRPC driver have been issued to OEMs along with a strong suggestion to apply the update on impacted devices without delay.”
The full extent of the attacks and their consequences remains unknown currently, although there is a possibility that it might have been utilized in espionage operations targeting members of civil society.
The October update also deals with a critical flaw in the WLAN Resource Manager (CVE-2024-33066, CVSS score: 9.8) resulting from inaccurate input validation, potentially leading to memory corruption.
This development coincides with Google’s publication of its monthly Android security bulletin, addressing 28 vulnerabilities, some of which are related to components from Imagination Technologies, MediaTek, and Qualcomm.
About Author
