Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

October 8, 2024 at 12:42AM

Qualcomm has released security updates addressing around 20 vulnerabilities in proprietary and open-source components. Among them, CVE-2024-43047 is a high-severity use-after-free bug in the DSP Service, under active exploitation. CVE-2024-33066, a critical flaw in WLAN Resource Manager, has also been patched. The updates aim to mitigate potential targeted exploitation and spyware attacks.

Key takeaways:

– Qualcomm has released security updates to address roughly two dozen vulnerabilities, including a high-severity use-after-free bug (CVE-2024-43047) in the Digital Signal Processor (DSP) Service, which is currently being actively exploited.
– The chipmaker has credited researchers from Google Project Zero and Amnesty International Security Lab for reporting and confirming the in-the-wild activity related to the vulnerability.
– The patch also addresses a critical flaw in the WLAN Resource Manager (CVE-2024-33066) caused by improper input validation.
– Google has also released its monthly Android security bulletin with fixes for 28 vulnerabilities, including issues in components from Imagination Technologies, MediaTek, and Qualcomm.
