Qualcomm urges device makers to push patches after ‘targeted’ exploitation

October 8, 2024 at 05:35PM

Qualcomm has released 20 patches for its chipsets' firmware, addressing critical vulnerabilities, including exploited flaws in DSP software. Notably, CVE-2024-43047, which carries a CVSS severity rating of 7.8, has been exploited in the wild, potentially by nation-state attackers or surveillanceware vendors. Qualcomm urges updates for affected devices, which include Snapdragon models and FastConnect Wi-Fi/Bluetooth kit. Other high-severity vulnerabilities were also addressed.

Key takeaways:
– Qualcomm has issued a total of 20 patches for its chipsets’ firmware, with a focus on addressing various vulnerabilities.
– One particularly noteworthy vulnerability is CVE-2024-43047, which has been exploited in the wild, carries a severity rating of 7.8, and has been reported by both Google’s Project Zero team and Amnesty International’s code testers.
– The involvement of Amnesty International’s code testers indicates potential exploitation by nation-state attackers or commercial surveillanceware vendors.
– Qualcomm has advised OEMs to deploy the updates for the mentioned issues, particularly for the vulnerability affecting the FASTRPC driver, as soon as possible.
– The CVE-2024-43047 flaw, affecting Snapdragon 660 and newer models, Qualcomm’s 5G modems, and specific Wi-Fi/Bluetooth kits, should be addressed promptly.
– Additionally, there are two other high-severity vulnerabilities (CVE-2024-23369 and CVE-2024-33065) and 14 other patches covering various severity levels and bug categories.

Overall, Qualcomm’s efforts to address these vulnerabilities are vital, and the OEMs need to ensure that the updates are promptly deployed to users’ devices to mitigate potential security risks.
