October 7, 2024 at 02:35PM
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service, caused by a use-after-free weakness. The vulnerability, reported by Google Project Zero and Amnesty International Security Lab, has been exploited in targeted attacks. Qualcomm urges immediate update deployment and has also fixed another severe flaw in the WLAN Resource Manager.
Based on the meeting notes, the main takeaways are:
1. Qualcomm has released security patches for a zero-day vulnerability (CVE-2024-43047) in the Digital Signal Processor (DSP) service that impacts numerous chipsets. This vulnerability is caused by a use-after-free weakness that can lead to memory corruption when exploited by local attackers with low privileges.
2. The vulnerability (CVE-2024-43047) has been reported by Google Project Zero’s Seth Jenkins and Amnesty International Security Lab’s Conghui Wang, and it has been tagged as exploited in the wild by both Google’s Threat Analysis Group and Amnesty International Security Lab.
3. Qualcomm has also fixed an almost maximum severity flaw (CVE-2024-33066) in the WLAN Resource Manager, reported more than a year ago, caused by an improper input validation weakness that could lead to memory corruption.
4. In recent years, Qualcomm has also patched chipset vulnerabilities that could allow attackers to access users’ media files, text messages, call history, and real-time conversations. Additionally, vulnerabilities in Snapdragon Digital Signal Processor (DSP) chip have been fixed, preventing attackers from controlling smartphones without user interaction, spying on users, and creating unremovable malware capable of evading detection.
5. Previous vulnerabilities such as KrØØk, enabled attackers to decrypt some WPA2-encrypted wireless network packets, and other bugs allowed access to critical data.
Overall, it is crucial for users to ensure that their devices receive the necessary security patches and updates from their device manufacturers to mitigate the risks associated with these vulnerabilities.